CZ Warns Crypto Community of New Exploit Targeting MacOS and IPhone Users
Former Binance CEO Changpeng āCZā Zhao has warned the crypto community about a new exploit targeting Mac users powered by Intel chips, which could potentially expose a userās digital assets.
Zhao highlighted the zero-day exploit on Nov. 19, urging Intel-based Mac users to patch their systems to prevent falling victim to ongoing exploits. The vulnerabilities, which also impact iPhones and iPads, have been actively exploited on Mac systems, prompting Apple to release emergency fixes.
āIf you use a MacBook with an Intel-based chip, Update asap!ā Zhao wrote, cautioning the crypto community about potential risks to sensitive data.
Zero-day vulnerabilities are bugs discovered and exploited by hackers before a patch is available. Hence the name, as developers have āzero daysā to address the issue, leaving users vulnerable until updates are installed.
According to a postmortem from Apple, the vulnerabilities, tracked as CVE-2024-44308 and CVE-2024-44309, affect the JavaScriptCore and WebKit components of macOS Sequoia. Hackers can leverage this to execute ācross-site scripting attacksā and stealthily run malicious code.
Cross-site scripting attacks are a type of security vulnerability where attackers inject malicious scripts into trusted websites or applications. These scripts run in the browser of a user visiting the compromised site, allowing attackers to hijack user sessions, redirect users to malicious sites, and steal sensitive information.
You might also like: Thala protocol resumes operations after $25.5m exploit
Crypto hackers have long exploited similar vulnerabilities across both Mac and Windows systems to steal wallet credentials, execute phishing scams, or inject malware to siphon private keys and digital assets.
The tech giant reported one of the vulnerabilities as a cookie management issue, which has since been resolved with āimproved state management.ā At the same time, the other was addressed with āimproved checks,ā the report added.
The vulnerabilities were first discovered by researchers at Googleās Threat Analysis Group, known for investigating government-backed cyberattacks. As such, speculations have emerged about the potential involvement of state-sponsored actors.
Apple hasnāt disclosed any details regarding the extent of the damage other than the fact that the vulnerabilities have been āactively exploited.ā
Apple users at risk
Apple users, despite the companyās strong security reputation, have found themselves at risk on several occasions this year alone. On Nov. 12, North Korean hackers targeted macOS users with crypto-focused malware capable of evading Appleās security measures on outdated systems.
In April, web3 wallet provider Trust Wallet issued a warning about another zero-day exploit in Appleās iMessage framework, which allowed attackers to infiltrate iPhones without any user interaction.Ā
A month before, researchers discovered a flaw in Appleās M-series chips that could be exploited to extract cryptographic keys residing in the CPUās cache, leaving sensitive data susceptible to compromise.
Further, attackers have also managed to infiltrate the App Store several times, despite Appleās stringent policies, to promote malicious apps that impersonate prominent crypto exchanges, wallets, and other fraudulent platforms that siphon a userās crypto assets.
Read more: Tapioca Foundation offers $1m bounty to attacker after $4.7m exploit