Flaws in iOS and macOS threaten users’ crypto assets

Two critical vulnerabilities have been found in Apple’s operating systems, enabling attackers to obtain superuser privileges on the victim’s device. reported by Kaspersky Lab experts.

\n\n\n\n

The first exploit is in the WebKit browser engine, which is used to render web pages.

\n\n\n\n

“This makes it possible to compromise an iPhone, iPad or Mac without any action on the part of the user — you simply need to lure them to a specially crafted malicious site,” the specialists noted.

\n\n\n\n

Using the second vulnerability in the IOSurfaceAccelerator object, attackers execute code with kernel privileges, gaining full control over the device.

\n\n\n\n

Journalist Colin Wu noted that this potentially threatens the security of users’ crypto assets.

\n\n\n\n

A very serious vulnerability has been found again in Apple’s operating system. Attackers can gain root privileges, which may compromise the security of users’ crypto assets. Requires updating to iOS 16.4.1 and macOS 13.3.1. H/T @IM_23pds https://t.co/n5zSSt0sWD

— Wu Blockchain (@WuBlockchain) April 18, 2023

\n\n\n\n

To address the vulnerabilities, Apple has already issued updates not only for the latest operating systems but also for several earlier versions.

\n\n\n\n

Kaspersky Lab researchers suggested that the exploits are actively being used by unknown attackers to install spyware.

\n\n\n\n

Earlier in March, it was reported that malicious versions of certain macOS programs were infected with a hidden Monero miner.