Nazia Saeed
Apple is urging users to immediately update their devices to patch a zero-click vulnerability that allowed attackers to compromise iPhones, iPads, and Macs. The flaw poses heightened risks for cryptocurrency holders.
In a Thursday advisory, Apple said the image processing vulnerability allowed sophisticated actors to compromise Apple devices. The vulnerability disclosure page notes that it was fixed as part of the macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2, and iPadOS 18.6.2 updates.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.
Newsletter
Get weekly updates on the newest crypto stories, case studies and tips right in your mailbox.
Cybersecurity experts warned the flaw is particularly dangerous for those in crypto, since they are significantly more exposed to cyberattacks. Access to crypto-integrated systems directly leads to financial gains through irreversible transactions, making this a high-priority target for attackers.
Apple vulnerability details
The vulnerability affects Apple’s Image I/O framework, which allows applications to read and write most image file formats. Due to improper implementation, processing a malicious image allows for out-of-bounds memory write access.
Attackers can leverage this flaw to write to areas of a device’s memory that should be inaccessible. This allows attackers to execute their own instructions and compromise device security.
Advice for crypto holders
Juliano Rizzo, founder and CEO of Coinspect, advised high-value targets who use vulnerable devices for key storage or signing to migrate to new wallet keys if there is any sign of compromise.
The exact steps depend on the attack specifics, but the key is to stay calm, document a clear plan, and start by securing primary accounts (email, cloud) that attackers could exploit for password resets or further access. Patching is critical, but waiting for updates to finish should never delay immediate account lockdown.
For average users, Rizzo noted that checking system logs could theoretically show anomalies, but in practice, the data is difficult to interpret. Vendors like Apple are well-positioned to detect exploitation and contact victims directly.
