Apple Again Has A Serious Security Vulnerability That Can Lose Crypto Assets
- Apple’s operating system has once again been proven to have critical vulnerabilities.
- Attackers may get root rights, jeopardizing the security of users’ crypto assets.
Very critical flaws in Apple’s operating systems that have been discovered can lead to loss of property, crypto, or personal information.
Two vulnerabilities were found in total. The first vulnerability, CVE-2023-28205, affects the WebKit engine, which serves as the foundation for the Safari browser. The malicious core of this issue is that the bad guys may execute arbitrary code on a device by utilizing a properly designed website.
CVE-2023-28206, the second vulnerability, was identified in the IOSurfaceAccelerator object. It may be used by attackers to run programs with operating system core rights.
As a result, these two vulnerabilities may be leveraged in tandem: the first helps to first enter the device, and allow the second to be exploited. Scammers may then “escape from the sandbox” and do nearly anything with the compromised gadget.
The flaws may be detected in both macOS desktop and mobile operating systems, including iOS, iPadOS, and tvOS. Not only are the recent versions of these operating systems most susceptible, but so are prior generations, therefore Apple has issued fixes for a wide variety of devices.
The WebKit engine is the only one supported by Apple’s mobile operating systems. WebKit will still be utilized to render web pages on your iPhone regardless of whatever browser you use.
WebKit vulnerabilities, such as the one mentioned above, allow for “zero-click” infection of an iPhone, iPad, or Mac. That is, the device gets infected without any active user activity – just luring them to a carefully designed malicious website is enough.
This may result in the loss of your property and your device’s personal and confidential information. Here can be application passwords, crypto assets, and important documents.
Not only Apple but technology giants are also having a headache about security when scammers are increasing, and their tricks are increasingly sophisticated. On January 14, an individual claimed to have mistakenly downloaded malware detected via a Google Adwords search result, losing all of their nonfungible tokens (NFT) and crypto.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join us to keep track of news: https://linktr.ee/coincu