Crypto Wallets at Risk: Apple Issues Urgent Security Update for Zero‑Click Vulnerability

Apple issued urgent security updates on August 21, 2025, to fix a critical zero-click vulnerability (CVE-2025-43300) in its Image I/O framework that poses severe risks to cryptocurrency users. The flaw, exploited in targeted attacks, allowed hackers to execute code remotely via malicious images sent through iMessage, potentially compromising iPhones, iPads, and Macs without user interaction. This could enable theft of crypto wallet keys or credentials, and because blockchain transactions cannot be reversed, the resulting financial losses would be irreversible.

The vulnerability, an out-of-bounds write issue, affected devices running iOS before 18.6.2, iPadOS before 17.7.10 or 18.6.2, macOS Ventura before 13.7.8, Sonoma before 14.7.8, and Sequoia before 15.6.1. Apple confirmed “sophisticated” attacks targeting high-value individuals, including crypto holders, and patched the flaw with enhanced bounds checking. Cybersecurity expert Juliano Rizzo of Coinspect urged immediate updates and advised high-net-worth users who suspect compromise to migrate their wallet keys and to secure their email and cloud accounts to prevent further access.

Users can update via Settings > General > Software Update on iOS/iPadOS or System Settings > General > Software Update on macOS. Enabling automatic updates is recommended. For added protection, experts suggest disabling automatic image downloads in messaging apps like Telegram (Settings > Data and Storage). The US Cybersecurity and Infrastructure Security Agency (CISA) listed the flaw in its Known Exploited Vulnerabilities catalog, requiring federal agencies to update by September 11, 2025.
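For teams managing more than one device, the fixed versions listed above can be checked against an inventory export. The following is an added example, not Apple's or CISA's tooling; the host names and inventory format are constructed, and the status labels are this example's own.

```python
# Added example: fixed versions are the ones listed in the article above.
FIXED = {
    "iOS": {18: (18, 6, 2)},
    "iPadOS": {17: (17, 7, 10), 18: (18, 6, 2)},
    "macOS": {13: (13, 7, 8), 14: (14, 7, 8), 15: (15, 6, 1)},
}


def parse_version(text):
    """'15.6' -> (15, 6, 0). Numeric tuples avoid the string-compare trap
    where '17.7.9' sorts after '17.7.10'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def assess(platform, version):
    """Classify one device against the article's fixed versions."""
    branches = FIXED[platform]
    v = parse_version(version)
    if v[0] in branches:
        return "patched" if v >= branches[v[0]] else "vulnerable"
    if v[0] > max(branches):
        return "patched"  # not below any version in the article's affected range
    return "unfixed_branch"  # older line with no fixed build named in the article


def triage(inventory):
    """Return (host, platform, version, status) for devices needing action."""
    flagged = []
    for host, platform, version in inventory:
        status = assess(platform, version)
        if status != "patched":
            flagged.append((host, platform, version, status))
    return flagged


# Constructed sample inventory (hypothetical host names), e.g. an MDM export.
SAMPLE_INVENTORY = [
    ("cfo-iphone", "iOS", "18.6.1"),
    ("ops-ipad", "iPadOS", "17.7.10"),
    ("dev-mbp", "macOS", "15.6"),
    ("trading-imac", "macOS", "14.7.8"),
    ("old-mini", "macOS", "12.7.6"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Devices reported as `unfixed_branch` run a release line for which the article names no fixed build, so they need a move to a patched line rather than a point update.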

With crypto losses from hacks exceeding $2.2 billion in H1 2025, per CertiK, this incident underscores the need for proactive security. Apple’s swift response highlights the escalating threat to digital assets and the need for users to prioritize updates and robust wallet hygiene.