BPOI Banner
Apple Admits to Security Vulnerability That Leaves Crypto Users Exposed—Here's What You Should Do Apple Admits to Security Vulnerability That Leaves Crypto Users Exposed—Here's What You Should Do

Apple Admits to Security Vulnerability That Leaves Crypto Users Exposed—Here’s What You Should Do

Apple confirmed Monday its devices were left vulnerable to an exploit that allowed for remote malicious code execution through web-based JavaScript, opening up an attack vector that could have part unsuspecting victims from their crypto.

According to a recent Apple security disclosure, users must use the latest versions of its JavaScriptCore and WebKit software to patch the vulnerability. 

The bug, discovered by researchers at Google’s threat analysis group, allows for “processing maliciously crafted web content,” which could lead to a “cross-site scripting attack.”

More alarmingly, Apple also admitted it “is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.”

Apple also issued a similar security disclosure for iPhone and iPad users. Here, it says, the JavaScriptCore vulnerability allowed for “processing maliciously crafted web content may lead to arbitrary code execution.” 

In other words, Apple became aware of a security flaw that could let hackers take control of a user’s iPhone or iPad if they visit a harmful website. An update should solve the issue, Apple said.

Jeremiah O’Connor, CTO and co-founder of crypto cybersecurity firm Trugard, told Decrypt that “attackers could access sensitive data like private keys or passwords” stored in their browser, enabling crypto theft if the user’s device remained unpatched.

Revelations of the vulnerability within the crypto community began circulating on social media on Wednesday, with former Binance CEO Changpeng Zhao raising the alarm in a tweet advising that users of Macbooks with Intel CPUs should update as soon as possible.

The development follows March reports that security researchers have discovered a vulnerability in Apple’s previous generation chips—its M1, M2, and M3 series that could let hackers steal cryptographic keys.

The exploit, which isn’t new, leverages “prefetching,” a process used by Apple’s own M-series chips to speed up interactions with the company’s devices. Prefetching can be exploited to store sensible data in the processor’s cache and then access it to reconstruct a cryptographic key that is supposed to be inaccessible.

Unfortunately, ArsTechnica reports that this is a significant issue for Apple users since a chip-level vulnerability can not be solved through a software update. 

A potential workaround can alleviate the problem, but those trade performance for security.

Edited by Stacy Elliott and Sebastian Sinclair

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Source link

Adrian Zmudzinski

https://decrypt.co/293001/apple-admits-to-security-vulnerability-that-leaves-crypto-users-exposed-heres-what-you-should-do

2024-11-22 04:20:22

bitcoin
Bitcoin (BTC) $ 98,675.44 0.16%
ethereum
Ethereum (ETH) $ 3,468.40 0.56%
tether
Tether (USDT) $ 0.999223 0.04%
xrp
XRP (XRP) $ 2.29 1.86%
bnb
BNB (BNB) $ 701.71 1.02%
solana
Solana (SOL) $ 197.98 0.85%
dogecoin
Dogecoin (DOGE) $ 0.330863 1.42%
usd-coin
USDC (USDC) $ 1.00 0.06%
staked-ether
Lido Staked Ether (STETH) $ 3,464.66 0.50%
cardano
Cardano (ADA) $ 0.911284 2.55%
tron
TRON (TRX) $ 0.257394 0.00%
avalanche-2
Avalanche (AVAX) $ 40.32 2.60%
chainlink
Chainlink (LINK) $ 24.46 1.50%
the-open-network
Toncoin (TON) $ 5.98 3.66%
wrapped-steth
Wrapped stETH (WSTETH) $ 4,111.72 0.79%
shiba-inu
Shiba Inu (SHIB) $ 0.000023 1.18%
sui
Sui (SUI) $ 4.51 3.81%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 98,200.31 0.05%
hedera-hashgraph
Hedera (HBAR) $ 0.314699 2.45%
stellar
Stellar (XLM) $ 0.383416 5.25%
polkadot
Polkadot (DOT) $ 7.47 0.85%
weth
WETH (WETH) $ 3,466.09 0.77%
hyperliquid
Hyperliquid (HYPE) $ 28.18 8.28%
bitcoin-cash
Bitcoin Cash (BCH) $ 460.50 2.92%
leo-token
LEO Token (LEO) $ 9.49 0.32%
uniswap
Uniswap (UNI) $ 13.83 4.97%
litecoin
Litecoin (LTC) $ 108.92 0.27%
bitget-token
Bitget Token (BGB) $ 5.70 15.63%
pepe
Pepe (PEPE) $ 0.000018 4.20%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,664.13 0.52%
near
NEAR Protocol (NEAR) $ 5.42 2.42%
ethena-usde
Ethena USDe (USDE) $ 0.998953 0.00%
aave
Aave (AAVE) $ 372.05 1.23%
usds
USDS (USDS) $ 0.999273 0.12%
aptos
Aptos (APT) $ 9.61 1.93%
internet-computer
Internet Computer (ICP) $ 11.16 0.22%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.513999 2.54%
crypto-com-chain
Cronos (CRO) $ 0.157236 5.79%
vechain
VeChain (VET) $ 0.051644 2.43%
mantle
Mantle (MNT) $ 1.24 0.47%
ethereum-classic
Ethereum Classic (ETC) $ 27.25 3.14%
render-token
Render (RENDER) $ 7.52 4.14%
bittensor
Bittensor (TAO) $ 502.14 0.85%
monero
Monero (XMR) $ 196.50 2.48%
whitebit
WhiteBIT Coin (WBT) $ 25.06 0.62%
mantra-dao
MANTRA (OM) $ 3.76 0.10%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.35 2.69%
dai
Dai (DAI) $ 1.00 0.01%
arbitrum
Arbitrum (ARB) $ 0.798785 2.62%
filecoin
Filecoin (FIL) $ 5.29 3.41%