- A critical vulnerability was found on Apple devices, exposing them to crypto hacks.
- Apple released upgrades for iOS and macOS.
Apple devices are known for their security, encryption, and added security features, making them a favored choice for buyers. But some recent events caused them to release urgent software updates. Some vulnerabilities in iOS and macOS devices made them vulnerable to crypto attacks, hence the critical upgrade.
The Vulnerability and Apple’s New Upgrade
Kaspersky noted that Apple released urgent upgrades to solve the vulnerability in iOS and macOS devices. The security firm urged the users to upgrade their devices to iOS 16.4.1 and macOS 13.3.1. This security weakness allowed hackers to control machines and even steal crypto.
Analysts at Apple found two security threats, CVE-2023-28205 and CVE-2023-28206. An attacker could use a combination of these to perform a zero-click exploit. To carry out such attacks, victims are taken to phishing websites, and while surfing, the malware automatically gets installed on the device without any page interaction.
When this malware is installed, the attacker can easily control the device and run desired codes without asking for core permissions from the operating system. This could even be used to access crypto wallets present on devices.
Crypto Industry and the Battle Against Phishing Attacks
Cryptocurrency hackers are favoring such phishing attacks to steal users’ funds. Kaspersky reported that such attacks increased by 40%, as there were 3,596,437 in 2021, and climbed to 5,040,520 detections in 2022.
For such attacks, phishing websites slightly change the spelling from the original website. It is hard for unaware users to catch such minor alterations, making them fall prey to it. Victims are then lured to connect their crypto wallets, which are drained of any assets present, like tokens, NFTs, and cryptocurrencies.
Primarily these bad actors run Google Ads to their phishing websites on the top of the search page. A similar incident was reported in October 2022, where a fake CoinMarketCap link was found above the original website. A novice user could have fallen victim to this trap.
A recent survey involving around 2,000 Americans revealed that about one-third have been a victim of crypto theft at least once.
To be safe from such attacks, a user must first diversify the funds in different wallets as a primary security measure. Moreover, one has to be vigilant regarding the authenticity of the website. Also, if a general awareness of recent attacks is kept, users could avoid falling into a similar trap.
Keeping the assets in a cold wallet could also help. If the cryptocurrency is stored off-grid, there are minimal chances of being stolen. Also, diversifying the funds into multiple non-custodial wallets increases the chances of safety. Even if one wallet or protocol is attacked, the other wallets could act as backups.
Keeping the assets in a hot wallet over an exchange could provide faster trading and transactions, but it is also dangerous. A similar incident happened with FTX users, as their funds were gone when the exchange filed for bankruptcy.
Source: https://www.thecoinrepublic.com/2023/04/20/apple-devices-exposed-to-crypto-hacks-by-a-critical-vulnerability/