Apple Releases Critical iOS Update to Address Zero-Click Vulnerability Threatening Cryptocurrency Wallets

Apple has released an urgent security update to address a zero-click vulnerability that enabled hackers to infiltrate iPhones, iPads, and Macs, a defect that raises significant concerns for cryptocurrency holders who depend on Apple devices to safeguard their wallets.

In a notice published late Wednesday, Apple acknowledged the flaw, identified as CVE-2025-43300, which was found within its Image I/O framework, responsible for processing image files across various devices.

Apple Addresses Image-Based Vulnerability That Could Compromise Crypto on iPhones and Macs

The company cautioned that a maliciously designed image could lead to memory corruption, allowing attackers to execute arbitrary code on a targeted device without any user interaction.

“Apple is aware of reports suggesting that this issue may have been exploited in a highly sophisticated attack against specific individuals,” the company stated.

The update has been deployed as iOS 18.6.2 and iPadOS 18.6.2, along with patches for macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8. Apple advised users to manually install the patch rather than waiting for automatic updates to mitigate potential exploitation.

The vulnerability poses a particular threat to those in the cryptocurrency field, cybersecurity experts have warned. Unlike traditional finance, where stolen assets can sometimes be retrieved, cryptocurrency transactions are irreversible.

If attackers gain access to wallet applications or exchange credentials stored on a compromised device, funds can be drained immediately. Experts pointed out that even an image attachment received via iMessage could suffice to compromise a vulnerable device.

Importantly, Apple indicated that the updates apply to all iPhones from the iPhone XS generation onward, including the latest iPhone 16 series. Supported iPads encompass the iPad Pro, iPad Air (third generation and later), iPad (sixth generation and later), and iPad mini (fifth generation and later). Mac users operating the three most recent versions of macOS are also included.

Security professionals stressed that cryptocurrency holders should exercise heightened caution. For individuals who suspect their devices may have been compromised, experts recommend transferring wallet keys, securing primary accounts such as email and cloud services, and documenting any unusual system behavior.

While device logs could theoretically reveal anomalies, analysts noted that in practice, they are challenging for non-specialists to interpret. Apple has not disclosed how many individuals may have been affected but stated that it does not comment on active threats until solutions are available.

The urgency of Apple’s warning echoes recent high-profile campaigns targeting cryptocurrency users. In 2024, cybersecurity firm Kaspersky disclosed that North Korea’s Lazarus Group exploited a Google Chrome zero-day vulnerability concealed within a fake blockchain game to install spyware and steal wallet credentials.

@Kaspersky finds that Lazarus Group exploited a zero-day vulnerability in Google Chrome using a fake blockchain-based game. #Kaspersky #LazarusGroup #CryptoHack https://t.co/dktO8iJXTw

— Cryptonews.com (@cryptonews) October 24, 2024

The group’s strategies included employing generative AI to entice victims, highlighting how advanced threat actors have evolved in their pursuit of digital assets.

Earlier that same year, Trust Wallet revealed it had received credible intelligence regarding a zero-day iMessage exploit being offered on the dark web for $2 million. At that time, the wallet provider cautioned that iOS users and the wider cryptocurrency ecosystem could be vulnerable to attackers seeking unauthorized access to personal data and digital assets.

While Apple emphasized that the latest attack seems to have targeted “specific individuals,” analysts warn that once knowledge of vulnerabilities spreads, broader exploitation is often likely to follow.

Crypto Hacks Exceed $2.2B in 2025 as Major Breaches Increase

Meanwhile, the global cryptocurrency industry has experienced a significant rise in security breaches in 2025, with CertiK reporting over $2.2 billion in losses from hacks and scams during the first half of the year.

Crypto investors have lost $2.2B to hacks and scams in H1 2025, with $187M recovered as threats shift, reports @CertiK. #CryptoSecurity #Cryptohacks https://t.co/5KCaVsYnbg

— Cryptonews.com (@cryptonews) June 30, 2025

Major incidents, including Bybit’s $1.5 billion hack and Cetus Protocol’s $225 million exploit, skewed overall figures, but even excluding these events, losses remain substantial at approximately $690 million.

In July alone, $142 million in losses were recorded from 17 significant breaches, marking a 27.2% increase from June.

July crypto hack losses surge 27% to $142 million with CoinDCX’s $44 million insider breach and GMX’s $42 million exploit leading victims. #July #CryptoHack https://t.co/4UCMKaxUvI

— Cryptonews.com (@cryptonews) August 1, 2025

Hacks and scams have also been increasing in August. On August 14, Turkish exchange BtcTurk became the latest target, facing allegations of a $48 million exploit.

The exchange has since suspended deposits and withdrawals, citing “technical issues” in its hot wallets, but asserted that fiat transactions were unaffected.

The sector has also experienced damaging incidents. On August 8, CrediX Finance effectively disappeared after a $4.5 million exploit drained its resources. CertiK reported that the team’s X account went silent, its website went offline, and its Telegram channel was deleted.

The attack originated from compromised control of the project’s multisig wallet, allowing the minting of unsupported tokens. The team initially claimed to have negotiated the return of stolen funds, but no follow-up occurred, raising suspicions of an exit scam.

Ransomware has also intensified. A new group known as Embargo has laundered over $34 million in cryptocurrency since April 2024, primarily targeting U.S. healthcare providers with ransom demands exceeding $1 million.

TRM Labs suggests Embargo may be a rebranding of the now-defunct BlackCat operation, linking it to breaches at American Associated Pharmacies and several regional hospitals.

The post Apple Issues Urgent iOS Update to Fix Zero-Click Hack Putting Crypto Wallets at Risk appeared first on Cryptonews.