
Apple users beware: Critical security flaw puts crypto assets at risk

Apple operating systems have once again been found to contain vulnerabilities of very high severity, and users have been advised not to put off installing the latest versions, iOS 16.4.1 and macOS 13.3.1.

Updates are also available for iOS 15 and macOS 11 and 12, according to a report published on April 17 by internet security solutions provider Kaspersky.

According to the research, two vulnerabilities were found. The first, identified as CVE-2023-28205 and rated “high” in severity (8.8 out of 10), affects the WebKit engine, which serves as the foundation for the Safari web browser. The crux of this vulnerability is that malicious actors can run arbitrary code on a device when it opens a web page that they have created specifically for that purpose.

The second vulnerability, identified as CVE-2023-28206 and rated “high” (8.6/10), was found in the IOSurfaceAccelerator object. Attackers can use it to execute code with the privileges of the operating system's kernel (its core). As a result, attackers can gain root privileges, which may ‘compromise the security of users’ crypto assets,’ as per crypto journalist Colin Wu.

The two flaws can therefore be exploited together as a chain: the first is used to breach the security of the device so that the second can be used. The second vulnerability, in turn, grants the ability to “escape from the sandbox” and do almost anything with an infected device.

Where the vulnerabilities can be found

These flaws are present in Apple's mobile operating systems, including iOS, iPadOS, and tvOS, as well as in the desktop operating system macOS.

Because not only the most recent versions of these operating systems but also earlier generations are vulnerable, Apple has released updates (one after the other) for a broad variety of systems, including macOS 11, 12, and 13, iOS/iPadOS 15 and 16, and tvOS 16.

On Apple’s mobile operating systems, only the WebKit engine is supported. Web pages on the iPhone will be rendered by WebKit regardless of the browser you use (thus, any browser on iOS is effectively Safari).

In addition, the same engine is used whenever a web page is loaded inside any app. WebKit is used to show the content even if it doesn’t look like a web page. That’s why it’s critical to always keep Safari up to date, even if you primarily use a different browser like Chrome or Firefox.

Infection of an iOS device or Mac with a “zero-click” exploit is feasible due to vulnerabilities in WebKit like the one detailed above. Simply luring a person to a malicious website is enough to infect their device without requiring any action on their part.
