Apple has confirmed that their devices are vulnerable to exploits that allow remote execution of malicious code via web-based JavaScript, creating an attack vector that could lead to victims losing cryptocurrency.
This vulnerability, discovered by researchers at Google's threat analysis group, allows for 'processing maliciously crafted web content', which can lead to 'cross-site scripting attacks'.
Apple also acknowledged that they 'are aware of a report that this issue may have been actively exploited on Intel-based Mac systems.'
According to a recent security disclosure from Apple, users must use the latest versions of JavaScriptCore and WebKit software to patch the vulnerability.
Additionally, Apple stated that the vulnerability in JavaScriptCore could allow for 'processing maliciously crafted web content leading to arbitrary code execution'. In other words, hackers could take control of a user's iPhone or iPad if they visit a malicious website.
CZ Binance issues a warning
Former Binance CEO Changpeng Zhao (CZ) quickly shared information about this vulnerability on X, urging Apple users to update their devices to the latest version to patch the flaw.
Apple's M1, M2, and M3 chips can also be attacked
In March, security researchers discovered a vulnerability in Apple's previous generation chips — the M1, M2, and M3 series that could allow hackers to steal cryptographic keys.
This exploitation technique leverages 'prefetching', a process used by Apple's M-series chips to speed up interactions with the company's devices. Prefetching can be exploited to store reasonable data in the processor's hidden cache and then access it to reproduce cryptographic keys that are supposedly inaccessible.
Unfortunately, ArsTechnica reports that this is a serious issue for Apple users as the chip-level vulnerability cannot be resolved through software updates. A potential workaround may mitigate the issue, but those methods trade performance for security.
Advice for Apple users
To protect their cryptocurrency assets, Apple users should:
Immediately update all of your devices to the latest software version.
Exercise caution when accessing websites and do not click on suspicious links.
Use additional security measures such as two-factor authentication (2FA) and hardware wallets.
Monitor security notifications and alerts from Apple and reputable experts.
