CZ Warns Crypto Community of New Exploit Targeting MacOS and IPhone Users
Former Binance CEO Changpeng โCZโ Zhao has warned the crypto community about a new exploit targeting Mac users powered by Intel chips, which could potentially expose a userโs digital assets.
Zhao highlighted the zero-day exploit on Nov. 19, urging Intel-based Mac users to patch their systems to prevent falling victim to ongoing exploits. The vulnerabilities, which also impact iPhones and iPads, have been actively exploited on Mac systems, prompting Apple to release emergency fixes.
โIf you use a MacBook with an Intel-based chip, Update asap!โ Zhao wrote, cautioning the crypto community about potential risks to sensitive data.
Zero-day vulnerabilities are bugs discovered and exploited by hackers before a patch is available. Hence the name, as developers have โzero daysโ to address the issue, leaving users vulnerable until updates are installed.
According to a postmortem from Apple, the vulnerabilities, tracked as CVE-2024-44308 and CVE-2024-44309, affect the JavaScriptCore and WebKit components of macOS Sequoia. Hackers can leverage this to execute โcross-site scripting attacksโ and stealthily run malicious code.
Cross-site scripting attacks are a type of security vulnerability where attackers inject malicious scripts into trusted websites or applications. These scripts run in the browser of a user visiting the compromised site, allowing attackers to hijack user sessions, redirect users to malicious sites, and steal sensitive information.
You might also like: Thala protocol resumes operations after $25.5m exploit
Crypto hackers have long exploited similar vulnerabilities across both Mac and Windows systems to steal wallet credentials, execute phishing scams, or inject malware to siphon private keys and digital assets.
The tech giant reported one of the vulnerabilities as a cookie management issue, which has since been resolved with โimproved state management.โ At the same time, the other was addressed with โimproved checks,โ the report added.
The vulnerabilities were first discovered by researchers at Googleโs Threat Analysis Group, known for investigating government-backed cyberattacks. As such, speculations have emerged about the potential involvement of state-sponsored actors.
Apple hasnโt disclosed any details regarding the extent of the damage other than the fact that the vulnerabilities have been โactively exploited.โ
Apple users at risk
Apple users, despite the companyโs strong security reputation, have found themselves at risk on several occasions this year alone. On Nov. 12, North Korean hackers targeted macOS users with crypto-focused malware capable of evading Appleโs security measures on outdated systems.
In April, web3 wallet provider Trust Wallet issued a warning about another zero-day exploit in Appleโs iMessage framework, which allowed attackers to infiltrate iPhones without any user interaction.ย
A month before, researchers discovered a flaw in Appleโs M-series chips that could be exploited to extract cryptographic keys residing in the CPUโs cache, leaving sensitive data susceptible to compromise.
Further, attackers have also managed to infiltrate the App Store several times, despite Appleโs stringent policies, to promote malicious apps that impersonate prominent crypto exchanges, wallets, and other fraudulent platforms that siphon a userโs crypto assets.
Read more: Tapioca Foundation offers $1m bounty to attacker after $4.7m exploit