Apple Fixes Critical Vulnerability That Put Your Crypto in Danger

An urgent security update for iOS 18.6 has been released by Apple, 2. iPadOS 18.6.2, and macOS to address a critical zero-day vulnerability in its ImageIO framework (CVE-2025-43300). This vulnerability, which has already been used in the wild, allowed hackers to exploit such a primitive functionality as image opening to jeopardize device security and possibly empty wallets for cryptocurrency users.

Core issue

The flaw is caused by an out-of-bounds write problem in ImageIO, which is Apple’s system for handling image files on iOS, iPadOS and macOS. Malicious images could be created by attackers with the intention of corrupting memory when viewed or opened.

You Might Also Like

According to Apple, a highly sophisticated attack that targeted particular individuals has already exploited this vulnerability. Despite the lack of specifics, Apple acknowledged that it is aware of active exploitation.

How is crypto affected? 

This kind of zero-day exploit is particularly risky for cryptocurrency owners. An effective exploit might allow hackers to gain access to the device and use it to act like spyware, record keystrokes or steal authentication information. In essence, hackers would have access to someone’s cryptocurrency holdings if private keys, seed phrases or exchange login credentials were made public or stored poorly.

You Might Also Like

Because mobile and desktop apps are essential to cryptocurrency wallets and exchanges, a compromised iPhone, iPad or Mac provides direct access to a user’s assets. In many situations, just receiving or opening an image could have activated the exploit due to memory access.

Phishing campaigns could therefore be distributed by disguising themselves as harmless image attachments, social media posts or even artwork associated with an NFT.

You should update right away if you are using iOS, iPadOS or macOS. As the use of cryptocurrencies continues to grow, attackers are concentrating more on flaws that allow them to get around wallet encryption by targeting the operating system itself. Device-level security is equally as important as blockchain security.