TECHREPORT.COM
Apple Vulnerabilities Could Endanger Your Crypto One Is Not Patchable
KEY TAKEAWAYSApple reported a vulnerability that opens up users to data theft in the browser, including passwords and potentially crypto.The latest iOS updates should fix this vulnerability, so its imperative for users to update their devices, Macs, and mobile phones.JavaScriptCore and WebKit services are the root cause of the vulnerability, and Apple said theyve already been exploited by hackers.Apples M1, M2, and M3 Mac chips remain vulnerable to data theft, including crypto wallet-sensitive data, as the vulnerability is on the hardware.On Monday, Apple confirmed an iOS vulnerability that could result in massive crypto theft.An attacker could inject malicious code through JavaScript (web-based attack), which opens the way to a cross-site scripting attack.More importantly, the flaw was already discovered and misused by hackers.Apple is aware of a report that this issue may have been exploited on Intel-based MAC systems. AppleThis is further compounded by a March report that Apples last-gen chips (M1, M2, and M3 series) are vulnerable to cryptographic key theft.Lets see what this means for Apple users.Root Cause of the Vulnerability WebKit & JavaScriptApples analysis of the vulnerability narrows down the problem to two things:1. Web-based arbitrary code execution through JavaScriptCore. This was exploited on Intel-based Mac systems.2. Cross site scripting attacks through WebKit, similarly exploited on Intel-based Mac systems.Both issues have been addressed in the latest update, as Changpeng Zhao (Binance CEO) notified on X.If you havent updated your Intel-based Macbook, do it now. You need the latest version of WebKit and JavaScriptCore to patch this vulnerability.Otherwise, your crypto assets may be at risk.Apple issued a similar vulnerability report for iOS 18.1.1 and iPadOS 18.1.1. JavaScripCore and WebKit were also the culprits.As for the solution, an OS update should solve the issue.Free Access to Browser Passwords & Crypto KeysThats right, this vulnerability allowed hackers to see any sensitive data stored in your browser. This includes crypto wallet private keys.[] attackers could access sensitive data like private keys or passwords. Jeremiah OConnor, Trugard CTO and Co-FounderThis is further aggravated by a March report from Apple saying that the M1, M2, and M3 chips are also vulnerable.A different kind of vulnerability, mind you.Hackers can steal cryptographic keys through a prefetching exploit, which accesses data stored in the processor and then builds a cryptographic key that should be private.The problem is that this is a chip-level vulnerability and, thus, not patchable through software updates.Apple Just Why?The good news is that if you use a current-gen Apple chip, youre safe. The latest software updates removed the vulnerability, so your crypto and passwords are secure.The bad (or horrible) news is that M1, M2, and M3 chip users are still open to the prefetching exploit. But only if you install malware on your device.The only solution is to move your crypto wallets to other devices, like a Windows PC. Not ideal, but apparently necessary.ReferencesClick to expand and view referencesAdd Techreport to Your Google News Feed Get the latest updates, trends, and insights delivered straight to your fingertips. Subscribe now! Subscribe now Alex is a junior crypto editor passionate about data privacy, cybersecurity, and crypto. Youll often find him geeking out on the latest security key, password manager, or the hottest crypto presale, looking for that one digital currency to rule them all. With over six years of freelance writing under his belt, Alex fell in love with the process.From researching data and brainstorming topics to comparing cryptocurrency whitepapers and digging deep into crypto roadmaps, its all in the keyboard. Ideally, a mechanical one with brown switches.Alex is an eternal learner who knows that continuous improvement is the best way to remain relevant. Currently, he's brushing up his E-E-A-T and SEO skills, but who knows what comes next? In his spare time, he enjoys video games, horror movies, and going to the gym, which sometimes conflicts with his gourmand nature.Oh, well, you can't have them all.Follow Alex on LinkedIn View all articles by Alex Popa Our editorial processThe Tech Reporteditorial policyis centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written byreal authors.
0 Commenti 0 condivisioni 14 Views