"Silent Hack: Apple Patches Zero-Click Threat Stealing Crypto Without a Click"

Generated by AI Agent Coin World
Friday, Aug 22, 2025 3:10 pm ET
Aime Summary

- Apple released urgent iOS 18.6.2 and macOS patches to fix CVE-2025-43300, a zero-click Image I/O vulnerability enabling silent crypto wallet theft via malicious images.

- The out-of-bounds write flaw allows code execution without user interaction, targeting high-value crypto users through iMessage attachments and memory corruption.

- Security experts warn stolen cryptocurrency is irrecoverable, urging manual updates and wallet key migration for affected users while Apple monitors exploitation patterns.

- Though limited to sophisticated, targeted attacks, the vulnerability highlights risks for crypto holders due to irreversible digital asset transfers and automated exploit delivery.

Apple has issued an urgent software update to address a zero-click vulnerability that poses a significant risk to cryptocurrency users. The flaw, discovered within Apple’s Image I/O framework, could allow attackers to execute malicious code on devices simply by processing a malicious image file. This vulnerability does not require user interaction, making it especially dangerous as it can compromise sensitive data such as crypto wallet information without the user’s awareness [1].

The vulnerability, tracked as CVE-2025-43300, was exploited in targeted attacks against specific individuals, according to Apple’s advisory. The company has released iOS 18.6.2 and corresponding patches for macOS, addressing the issue in the latest versions of its operating systems. These updates are available for a wide range of devices, including iPhones from the 2018 models onward, various iPad models, and recent Mac computers.

is urging users to manually apply the update rather than wait for automatic rollout [3].

The exploit leverages a flaw in how the Image I/O framework processes image files. A maliciously crafted image could lead to memory corruption, enabling unauthorized code execution. Experts explain that such vulnerabilities allow attackers to manipulate memory beyond the bounds set by the application, potentially granting access to critical system functions. Security researcher Pieter Arntz of Malwarebytes described the flaw as an out-of-bounds write vulnerability, which could be exploited through iMessage attachments processed automatically [3].

Cryptocurrency users face heightened risks from this exploit due to the irreversible nature of digital asset transfers. Unlike traditional financial data, stolen cryptocurrency is difficult to recover once transferred. This makes crypto wallets prime targets for sophisticated cyberattacks. Coinspect CEO Juliano Rizzo emphasized that zero-click vulnerabilities like this one could silently compromise devices and access wallet data without user awareness [1].

Security experts recommend that high-value crypto holders who suspect a breach should consider migrating their wallet keys and securing primary accounts such as email and cloud services. While ordinary users may not be able to detect exploitation on their own, Apple and other vendors are better positioned to monitor for such attacks and notify affected users. The immediate priority is for all users to install the latest security updates to close the vulnerability [2].

Apple has not disclosed details of the exploited attacks, but security analysts believe the complexity of the exploit likely limited its use to highly targeted individuals. Sean Wright of Featurespace noted that the nature of the vulnerability suggests it was used in a small-scale, sophisticated attack. Nevertheless, he strongly recommended users apply the fix promptly to avoid potential exposure [3].

Source:

[1] Apple Races to Patch Zero-Click Exploit that Put Crypto Users at Risk (https://www.tipranks.com/news/apple-races-to-patch-zero-click-exploit-that-put-crypto-users-at-risk)

[2] Apple Fixes Zero-Click Vulnerability Threatening Crypto Wallets (https://www.gokhshteinmedia.com/news/apple-fixes-zero-click-vulnerability-threatening-crypto-wallets)

[3] Apple Issues Urgent iOS Update, iOS 18.6.2 Update Pinned to Address Zero-Click Exploit (https://www.cryptopolitan.com/apple-issues-urgent-ios-update-ios-18-6-2/)
