Apple has urgently released software updates for iOS and macOS devices to address a critical vulnerability that could expose cryptocurrency holders to hacks. Users are strongly advised to update their devices to iOS 16.4.1 and macOS 13.3.1 as soon as possible, according to security firm Kaspersky.
The discovered security flaw enables hackers to “do almost anything” on targeted devices, including stealing cryptocurrency. Apple identified two vulnerabilities, CVE-2023-28205 and CVE-2023-28206, which, when combined, allow bad actors to launch zero-click exploits. These attacks direct victims to phishing websites where malware is automatically installed on their devices, without any interaction from the user.
Once the malware is installed, attackers can take control of the device and execute code without needing the operating system’s core permissions. This level of control allows hackers to access and potentially steal cryptocurrency wallets stored on users’ devices.
The rise in cryptocurrency phishing attacks has become a significant concern for users. Kaspersky’s report showed a 40% increase in crypto phishing detections, from 3,596,437 in 2021 to 5,040,520 in 2022. Typically, phishing websites use slightly altered spelling to deceive unsuspecting users, tricking them into connecting their wallets, which can then be drained of crypto tokens and non-fungible tokens (NFTs).
To make matters worse, some cybercriminals use Google Ads to promote their phishing websites, often placing them at the top of search results. In October, a fake CoinMarketCap link appeared above the legitimate website due to a malicious ad.