Wu Blockchain warned Apple crypto users that operating system vulnerabilities could expose them to attackers.
“A very serious vulnerability has been found again in Apple’s operating system. Attackers can gain root privileges, which may compromise the security of users’ crypto assets.“
Crypto threat posed by root vulnerabilities
Linking an article from Kaspersky, it was noted that these are “high threat” vulnerabilities applicable to iOS and macOS.
Given the severity of the threat, Apple responded immediately with updates to patch its latest operating systems and “several previous versions.”
A deep dive by Kaspersky revealed the first vulnerability, labeled “CVE-2023-28205,” relates to the development architecture of the company’s Safari web browser. If exploited, bad actors could execute arbitrary code on the device.
Vulnerability “CVE-2023-28206” enables attackers to execute code with the operating system’s core permissions. When both vulnerabilities are exploited together, gaining access to the device and bypassing security partitions to obtain full access is possible.
“Thus, these two vulnerabilities can be used in combination: the first serves to initially penetrate the device so that the second can be exploited. The second, in turn, allows you to “escape from the sandbox” and do almost anything with the infected device.”
Protecting your device
Kaspersky pointed out that Safari architecture renders all webpages on Apple’s mobile devices, regardless of whether a different browser is used. Moreover, such is the browser architecture that “zero-click” infection is possible.
The firm recommends installing the newest Apple updates – for those on the latest iOS, iPadOS, or tvOS devices, this would be version 16.4.1.
Older iPhones and iPads no longer supported should ensure the device runs version 15.7.5.
Responding to Wu Blockchain, one Twitter user said their Trust Wallet was hacked today, implying attackers had exploited the device vulnerabilities mentioned.
Similarly, another drew parallels with this and ongoing MetaMask vulnerabilities, which seemingly have no known attack vectors.
The post Apple crypto users potentially exposed to iOS, macOS vulnerabilities appeared first on CryptoSlate.