Apple is warning users to update their devices immediately after patching a zero-click vulnerability that could let attackers compromise iPhones, iPads and Macs — with experts cautioning the flaw poses heightened risks for cryptocurrency holders.
In an advisory on Thursday, Apple said the image processing flaw, found in the Image I/O framework, had already been exploited in “extremely sophisticated attacks against specific targeted individuals.” The issue was fixed in the latest round of updates, including macOS Sonoma 14.7.8, Ventura 13.7.8, Sequoia 15.6.1, and iOS/iPadOS 17.7.10 and 18.6.2.
The vulnerability allowed attackers to send a malicious image that would be processed automatically, requiring no user interaction. By exploiting improper implementation, hackers could perform out-of-bounds memory writes — a critical weakness that could enable them to alter how programs operate, run malicious code and potentially access crypto wallets.
“An attachment delivered via iMessage can be processed automatically and lead to device compromise,” Juliano Rizzo, founder of cybersecurity firm Coinspect, told Cointelegraph. He warned that high-value crypto holders who suspect compromise should migrate to new wallet keys.
Apple did not disclose the attackers’ identities but stressed the importance of updating devices immediately. Security experts note that the flaw is particularly dangerous for crypto users, since stolen keys or wallet access can be immediately monetized through irreversible blockchain transactions.
Rizzo added that average users may struggle to detect anomalies in system logs and should rely on Apple’s monitoring and alerts. Still, he emphasized that securing accounts and patching devices quickly are the most important steps.
