Register on the Bybit exchange and receive a bonus of $4000.
Kryptowaluty

Apple admits to remote code exploitation that compromised cryptocurrency security

The company assured of an immediate solution to the problem and taking additional steps to enhance data protection.

Date: 2024-11-22 Author: Łukasz Michałek
Apple admits to remote code exploitation that compromised cryptocurrency security

Apple has confirmed a critical vulnerability in the security of its devices that allowed malicious actors to remotely execute code via web-based JavaScript code, creating a potential security threat to users’ cryptocurrencies.

The exploit, detailed in a recent Apple security disclosure, affected JavaScriptCore and WebKit software, which are essential components for processing web content.

The company urged users to update their devices to the latest versions of the software to reduce the risk. The vulnerability discovered by Google’s threat analysis group could allow “the processing of maliciously crafted web content,” which could lead to cross-site scripting attacks.

Apple acknowledged that the problem could be actively exploited on Mac systems with Intel processors, raising concerns about its impact.

CTA
Register for ByBit

The flaw was not limited to Macs; iPhone and iPad users were also at risk. Apple revealed that the JavaScriptCore vulnerability could lead to the execution of arbitrary code if users access malicious websites. A software update has already been released to address the issue.

Jeremiah O’Connor, technical director of cryptocurrency security firm Trugard, warned that unpatched devices could expose sensitive data such as private keys and passwords stored in browsers, making cryptocurrency theft a tangible threat.

“Attackers can gain access to sensitive data, posing a serious risk to cryptocurrency users,” O’Connor said. The crypto community was quick to react to the reports. Former Binance CEO Changpeng Zhao urged users of Intel-based MacBooks to update their systems immediately, raising the alarm on social media.

The incident follows earlier reports of security vulnerabilities in Apple’s M-series chips (M1, M2 and M3).

The chips were found to have a flaw in the pre-download process, a feature designed to increase performance.

Security researchers have discovered that pre-downloading can be used to store sensitive data in the processor’s cache, allowing attackers to reconstruct crypto keys.

Unlike the JavaScriptCore vulnerability, chip-level flaws cannot be fixed through software updates. While workarounds exist, they often require a compromise between device performance and security.

Apple’s latest disclosures underscore the growing link between cybersecurity and cryptocurrencies, highlighting the critical need for timely updates to protect sensitive data in an increasingly digital world.

CTA
Zarejestruj się na giełdzie ByBit i odbierz bonus nawet do 30,000$!

Cthulhu Stealer malware attacks Apple users

In August, Cado Security warned Apple Mac users of a new malware variant called “Cthulhu Stealer,” which aims to steal personal information and attack cryptocurrency wallets.

“Although macOS has a reputation for being secure, malware for the system has increased in recent years,” – the company stated. Cthulhu Stealer impersonates legitimate software such as CleanMyMac or Adobe GenP and appears as an Apple disk image (DMG).

When users download and open this file, they are prompted to enter a password using a macOS command-line tool that supports AppleScript and JavaScript. After entering the initial password, the malware asks for a second password, specifically targeting the Ethereum MetaMask wallet .

The rise in popularity of Cthulhu Stealer and other similar threats, such as the AMOS malware that clones Ledger Live software, has prompted Apple to take action.

The tech giant recently announced updates to its macOS system that make it more difficult for users to bypass Gatekeeper‘s security features, which ensure that only trusted applications run.

CTA
Register for ByBit
Łukasz Michałek
Łukasz Michałek
Founder of the rapidly developing cryptocurrency channel "Biblia Kryptowalut" on YouTube. He also co-creates the Arena Trading group with Marek. Łukasz is fascinated and passionate about blockchain technology and cryptocurrencies, which constitute the central element of his activity in the cryptocurrency industry.
Register on the Bybit exchange and receive a bonus of $4000.
Get Bonus