Apple urges users to immediately update their devices to patch a zero-click weakness that allows attacks to compromise iPhones, iPads and Mac, a flaw posing increased risks for cryptocurrency holders.
On a Thursday AdvisoryApple said the weakness in image processing allowed sophisticated actors to compromise Apple’s devices. The disclosure page of weakness Notes This is fixed as part of Macos Sonoma 14.7.8, Macos Ventura 13.7.8, iPados 17.7.10, Macos Sequoia 15.6.1, iOS 18.6.2 and iPados 18.6.2 updates.
“Apple is aware of a report that this issue may be exploited in a very sophisticated attack against specific targeted individuals,” the company said.
Cybersecurity experts warn that the flaw is particularly dangerous for those in crypto, as they are significantly more exposed to cyberattacks. Access to the systems integrated with the crypto directly leads to financial acquisitions through irreversible transactions for the attack, resulting in the highly motivated actor targeted in this category.
Juliano Rizzo, founder and CEO in cybersecurity firm Coinspect, told Cointelegraph that it was a Zero-click weakness That does not require user interaction and “an attachment delivered by iMessage can be automatically processed and lead to device compromise.” Attacks can potentially use access to the device to reach purse data.
Related: Bitcoiner lost $ 91M on Social Engineering Attack: Zachxbt
Details of Apple’s weakness
The weakness affects the image of Apple I/O. Outlinethat provides applications to read and write most image file formats. Due to improper implementation, the processing of a malicious image is allowed for Write the memory of the memory Access.
In other words, attacks can use this weakness to write in the memory areas of a device that should be inaccessible. Such an issue, in the hands of a particularly sophisticated attack, can compromise the security of the device by allowing attacks to conduct code on targeted devices.
The memory of a device handles all the programs currently conducted, including critical ones. The ability to write in memory outside of the authorized range gives the attacks to change how other programs operate and perform.
Related: Ethereum Core Dev’s Crypto wallet drained by malicious AI extension
Advice for crypto holders
Rizzo advised high-value targets that use weak devices for basic storage or sign to switch to new keys of purse if there is any sign of compromise or “if there is any evidence of targeting” on the device that stores credentials:
“The exact steps depend on the details of the attack, but the key is to stay calm, document a clear plan, and start by securing basic accounts (emails, clouds) that attacks can be exploited for password reset or additional access. account. ”
For average individuals, Rizzo noted that “the review system logs may show anomalies, but in practice this data is difficult to interpret.” He said vendors like Apple are well positioned to see exploitation and contact the victims directly.
https://www.youtube.com/watch?v=ndv0rFehetq
Magazine: Coinbase Hack shows the law probably won’t protect you: here’s why
