
Apple users beware: Critical security flaw puts crypto assets at risk


Vulnerabilities of very high severity have once again been discovered in Apple operating systems, and users have been advised not to put off installing the latest versions, iOS 16.4.1 and macOS 13.3.1.

Updates are also available for iOS 15 and macOS 11 and 12, according to an April 17 report by internet security solutions provider Kaspersky.

According to the research, two vulnerabilities were found. The first, identified as CVE-2023-28205 and rated “high” in severity (8.8 out of 10), affects the WebKit engine, which serves as the foundation for the Safari web browser. The crux of this vulnerability is that malicious actors may run arbitrary code on a device when it opens a website they have created specifically for that purpose.

The second vulnerability, identified as CVE-2023-28206 and given a threat level of “high” (8.6/10), was found in the IOSurfaceAccelerator object. Attackers can use it to execute code with the core permissions of the operating system. As a result, attackers can gain root privileges, which may “compromise the security of users’ crypto assets,” as per crypto journalist Colin Wu.

These two flaws can therefore be exploited together: the first is used to breach the security of the device so that the second can be used. The second vulnerability, in turn, grants the ability to “escape from the sandbox” and perform almost any action on an infected device.

Where the vulnerabilities can be found

These flaws are present in the mobile operating systems iOS, iPadOS, and tvOS, as well as in the desktop operating system macOS.

Because not only the most recent versions of these operating systems but also earlier generations are vulnerable, Apple has provided updates (one after the other) for a broad variety of systems, including macOS 11, 12, and 13, iOS/iPadOS 15 and 16, and tvOS 16.

On Apple’s mobile operating systems, WebKit is the only browser engine supported. Web pages on the iPhone are rendered by WebKit regardless of the browser you use (thus, any browser on iOS is effectively Safari).

In addition, the same engine is used whenever a web page is loaded in any app. WebKit is used to show content even when it doesn’t look like a web page. That’s why it’s critical to always keep Safari up to date, even if you primarily use a different browser like Chrome or Firefox.

Vulnerabilities in WebKit like the one detailed above make it feasible to infect an iOS device or Mac with a “zero-click” exploit. Simply luring a person to a malicious website is enough to infect their device without requiring any action on their part.
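
For anyone responsible for more than one Apple device, the update guidance above can be turned into an inventory check. The following is an added example, not part of the original article: it uses only the fixed versions the article names (iOS 16.4.1 and macOS 13.3.1), marks the older branches for manual verification because the article gives no version numbers for them, and runs on a constructed inventory with hypothetical hostnames.

```python
import csv
import io

# Fixed releases named in the article for the current branches only.
FIXED = {"iOS": (16, 4, 1), "macOS": (13, 3, 1)}
# Older branches the article says also received updates, without naming versions.
OLDER_PATCHED_BRANCHES = {"iOS": {15}, "macOS": {11, 12}}

# Constructed sample inventory (hypothetical hostnames), e.g. an MDM CSV export.
SAMPLE_INVENTORY = """host,os,version
mac-design-01,macOS,13.3.1
mac-build-02,macOS,13.2
iphone-sales-07,iOS,16.4
iphone-ops-03,iOS,16.5
mac-legacy-04,macOS,12.6.3
iphone-kiosk-09,iOS,15.7.3
mac-old-05,macOS,10.15.7
"""

def parse_version(text):
    """Turn '13.2' into (13, 2, 0) so tuples compare component-wise."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def classify(os_name, version_text):
    """Return 'patched', 'vulnerable', 'check-branch', or 'unknown'."""
    if os_name not in FIXED:
        return "unknown"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = FIXED[os_name]
    if version[0] == fixed[0]:
        return "patched" if version >= fixed else "vulnerable"
    if version[0] > fixed[0]:
        return "patched"  # assumption: later major releases carry the fix
    if version[0] in OLDER_PATCHED_BRANCHES[os_name]:
        return "check-branch"  # fix exists, but the article gives no version
    return "unknown"  # branch not covered by the article

def triage(inventory_csv):
    """Map each host in the CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["os"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:18} {status}")
```

Hosts reported as `check-branch` need their version compared against Apple's security release notes for that branch.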
