Apple Issues Emergency iOS Patch After Zero-Click Exploit Threatens Crypto Wallets

2025-08-23
Daniel Rivers

Apple rushes to patch image-based zero-click vulnerability putting crypto wallets at risk

Apple has released an urgent security update to close a zero-click vulnerability that could allow attackers to compromise iPhones, iPads, and Macs — a threat that security experts say could lead to immediate, irreversible losses for cryptocurrency holders. Tracked as CVE-2025-43300, the flaw was found in Apple’s Image I/O framework, which handles image processing across Apple devices.

What the exploit does and why crypto users should care

According to Apple’s advisory, a specially crafted image file could trigger memory corruption in the Image I/O component and enable remote code execution without any user interaction. That means simply receiving an image — via iMessage, Mail, or another app — could be enough for attackers to run arbitrary code on a vulnerable device.

For anyone who stores private keys, wallet credentials, or exchange logins on their phone or tablet, that scenario is particularly dangerous. Unlike traditional bank transfers, cryptocurrency transactions are irreversible: if attackers drain a wallet or gain access to an exchange account, recovering funds is often impossible.

Updates and affected devices

Apple shipped immediate patches as iOS 18.6.2 and iPadOS 18.6.2 and also released updates for macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8. The company said the fix covers iPhones starting from the iPhone XS generation through the iPhone 16 range, supported iPads including iPad Pro, iPad Air (3rd gen and later), iPad (6th gen and later), and iPad mini (5th gen and later), plus Macs running the three most recent macOS releases.

To avoid potential exploitation, Apple urged users to install the patch manually rather than wait for automatic updates.
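For anyone responsible for more than one device, the patched releases listed above can be checked against an inventory export. The following is an added example, not code from Apple or from this article; the CSV layout, hostnames and sample versions are constructed, and any release line the article does not name is reported as "unlisted" rather than guessed at.

```python
# Added example: flag devices still below the patched releases named in the article.
import csv
import io

# Patched releases as listed in the article, keyed by (platform, major version).
PATCHED = {
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
    ("macos", 15): (15, 6, 1),
    ("macos", 14): (14, 7, 8),
    ("macos", 13): (13, 7, 8),
}

def parse_version(text):
    """Turn '15.6' into (15, 6, 0); raises ValueError on non-numeric parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def classify(platform, version_text):
    """Return 'patched', 'vulnerable', or 'unlisted' (release line not in the article)."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unlisted"  # unparseable version strings need a manual look
    fixed = PATCHED.get((platform.strip().lower(), version[0]))
    if fixed is None:
        return "unlisted"  # e.g. older or newer major releases the article does not cover
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map each hostname in a 'host,platform,version' CSV to its status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["platform"], row["version"]) for row in reader}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,platform,version
ceo-iphone,iOS,18.6.2
treasury-ipad,iPadOS,18.5
dev-mbp,macOS,15.6
ops-mini,macOS,14.7.8
old-imac,macOS,12.7.6
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as "unlisted" should be checked against Apple's own advisory, since the article only names the release lines shown in the table.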

Immediate mitigation steps for crypto users

Security professionals recommend that anyone in the crypto ecosystem take immediate precautions:

  • Install the Apple security updates manually on all iPhones, iPads, and Macs you control.
  • Move private keys and seed phrases off devices that may have been compromised. Consider migrating wallets to a hardware wallet (cold storage) such as a certified ledger or other reputable device.
  • Revoke app permissions and reauthenticate critical services like email, cloud storage, and exchange accounts. Reset passwords and enable strong, unique passphrases plus multi-factor authentication (MFA) where possible.
  • If you suspect compromise, document unusual system behavior, but be aware that device logs can be difficult for non-specialists to interpret.

These steps reduce the risk of attackers leveraging a single compromised device to access wallet apps, custodial exchange credentials, or cloud-synced backups that could expose private keys.

Context: growing sophistication of attacks on crypto users

Apple noted that it had received reports suggesting this vulnerability may have been used in targeted, highly sophisticated attacks. While the company did not disclose how many people may have been targeted, security analysts warn that once a vulnerability becomes public knowledge, broader exploitation often follows.

The urgency of this patch echoes recent targeted campaigns against crypto holders. In 2024, Kaspersky detailed how North Korea’s Lazarus Group used a Google Chrome zero-day hidden in a fake blockchain game to install spyware and harvest wallet credentials, at times leveraging generative AI to lure victims. Earlier that year, Trust Wallet warned of a zero-day iMessage exploit reportedly offered on the dark web for $2 million — underscoring how valuable zero-click and iMessage vulnerabilities are to threat actors seeking digital assets.

Wider crypto security landscape in 2025

The zero-click patch arrives amid an escalation of crypto-sector losses in 2025. CertiK reported more than $2.2 billion lost to hacks and scams in the first half of the year. Large incidents skewed totals — for example, Bybit suffered a $1.5 billion breach and Cetus Protocol lost $225 million — but even excluding those, losses were around $690 million. In July alone, 17 major breaches resulted in roughly $142 million in losses, a 27.2% increase from June.

High-profile incidents in August included allegations of a $48 million exploit at Turkish exchange BtcTurk, which suspended hot-wallet deposits and withdrawals while maintaining fiat operations. DeFi and smart-contract projects remain targets too: on August 8, CrediX Finance reportedly vanished after a $4.5 million exploit that abused control of the project’s multisig wallet to mint unbacked tokens.

Ransomware groups amplify the threat picture. A new group called Embargo has laundered over $34 million in crypto since April 2024, allegedly rebranding from the defunct BlackCat operation and targeting U.S. healthcare organizations with ransom demands often exceeding $1 million.

Key takeaways for individuals and institutions

  • Treat device security as a first-line defense for wallet protection. Even sophisticated on-chain defenses can be bypassed if private keys or recovery phrases are compromised on a vulnerable device.
  • Always install security patches promptly. Zero-click vulnerabilities like CVE-2025-43300 are prized by attackers because they remove the need for social engineering steps.
  • Favor hardware wallets and offline key custody for significant holdings. Where custodial services are used, apply strict operational security, including dedicated devices, MFA, and frequent credential rotation.
  • Monitor official advisories from platform vendors (Apple, Google) and follow best practices from reputable security firms and audit services.

By installing Apple’s updates immediately and reviewing wallet custody practices, crypto users and organizations can reduce their exposure to device-based spyware and other advanced threats that aim for irreversible asset theft.