TheCryptoUpdates
Crypto Scams

Apple Devices Vulnerable to Hackers Exploiting JavaScript Flaw for Crypto

Apple confirmed on Monday that its devices were under threat from an exploit that could allow for remote code execution via web-based JavaScript. This vulnerability could have potentially allowed hackers to trick users into parting with their cryptocurrency holdings.

In a recent security disclosure, Apple stated that users should utilise the most recent versions of its JavaScriptCore and WebKit software to rectify the vulnerability. Google’s threat analysis group initially discovered the bug, which facilitates the processing of “maliciously crafted web content” that could potentially result in a “cross-site scripting attack.”

Furthermore, Apple acknowledged that it was “aware of a report that this issue may have been actively exploited on Intel-based Mac systems.” A similar security disclosure was also issued for iPhone and iPad users. According to Apple, the JavaScriptCore vulnerability could have led to “arbitrary code execution” if users processed malicious web content.

Essentially, Apple identified a security flaw that could allow hackers to seize control of an iPhone or iPad if a harmful website was visited. The company assured users that an update should rectify the problem.

Crypto cybersecurity firm Trugard’s CTO and co-founder, Jeremiah O’Connor, explained to Decrypt that “attackers could access sensitive data like private keys or passwords” stored in their browser. This could potentially enable crypto theft if the user’s device remained unpatched.

News about the vulnerability spread quickly within the crypto community, with former Binance CEO Changpeng Zhao warning users of Macbooks with Intel CPUs to update their systems immediately in a tweet on Wednesday.

Earlier reports in March indicated that security researchers had identified a vulnerability in Apple’s previous generation chips—its M1, M2, and M3 series—which could potentially allow hackers to steal cryptographic keys. This exploit, which is not new, uses “prefetching,” a process employed by Apple’s M-series chips to expedite interactions with the company’s devices. Prefetching could potentially be exploited to store sensitive data in the processor’s cache before accessing it to reconstruct a supposedly inaccessible cryptographic key.

This is a significant issue for Apple users, as ArsTechnica reports that a chip-level vulnerability cannot be rectified through a software update. While potential workarounds can alleviate the problem, these solutions generally sacrifice performance for security.

 

Related Articles

Bitcoin Hedge Fund Fined $2.5 Million for Ponzi Scheme

Kesarwani

FBI Warns of Fake Play-to-Earn Cryptocurrency Gaming Apps

$68 Million Crypto Pyramid Scheme, 8 Men Involved Arrested in Japan

Kesarwani
Desktop Banner
Mobile Banner