All news is rigorously fact-checked and reviewed by leading blockchain experts and seasoned industry insiders.
- Former Binance CEO warns Mac users of major security vulnerabilities.
- Apple has a history of security flaws that can lead to crypto losses, so safeguards need to be put in place.
Changpeng Zhao (CZ), former CEO of Binance Exchange, recently informed the crypto community of a new vulnerability targeted at Intel-based Mac users. The vulnerability affecting iPhones and iPads could expose users’ digital assets.
Zhao Sounds the Alarm
Taking on the X platform, Zhao urged Mac users with Intel-based chips to update their devices, following the zero-day exploit on November 19. “If you are using a Macbook with an Intel-based chip, update it ASAP. Stay SAFU,” wroteCZ .
If you’re using a Macbook with an Intel-based chip, update ASAP!
Stay SAFU!https://t.co/mk2Jsicnte
– CZ 🔶 BNB (@cz_binance) November 20, 2024
A zero-day vulnerability is a weakness identified and exploited by hackers before a patch is available. The term “zero-day” refers to developers who have a limited amount of time to fix vulnerabilities after they are discovered.
These vulnerabilities pose a high risk because the longer they go undetected, the longer attackers have time to exploit them. This can result in severe consequences for end users, such as data breaches, financial losses, privacy violations, and disruptions.
Apple confirmed the attack in a postmortem and introduced major macOS and iOS security updates to prevent further damage. The company urged users to update to iOS 18.1.1, macOS Sequoia 15.1.1, and older iOS 17.7.2. Apple describes one of the vulnerabilities addressed as a cookie management issue.
The tech giant identified the vulnerabilities as CVE-2024-44308 and CVE-2024-44309, which affect macOS Sequoia’s JavaScriptCore and WebKit components. Hackers can use this to execute “cross-site scripting attacks” and silently launch malicious code.
Cross-site scripting (XSS) is a web security attack that involves injecting malicious scripts into a legitimate website or application. Crypto hackers have previously used similar vulnerabilities on Mac and Windows computers to steal wallet passwords and insert malware to steal private keys and digital assets.
Researchers at Google’s Threat Analysis Group, known for investigating government-backed hacks, initially discovered the latest vulnerability. As a result, speculation grew regarding the possible involvement of state-sponsored actors. Meanwhile, Apple has not shared any details regarding the extent of the damage other than the fact that the vulnerability was “actively exploited.”
Concerns for Apple and MacOS Users
Apple users have faced risks on several occasions this year alone despite the Company’s stellar reputation for security. CNF reported earlier this month that North Korean hackers exploited macOS with malware hidden in decoy PDFs to steal crypto keys.
In March, researchers discovered a flaw in Apple’s M-series chips that hackers could exploit to retrieve cryptographic keys stored in the CPU cache. A month later, Web3 wallet provider Trust Wallet warned about another zero-day exploit in Apple’s iMessage framework. This attack allowed hackers to infiltrate iPhones without user interaction.
In the midst of these attacks, Apple launched the iPhone 16, its first smartphone with Artificial Intelligence (AI) support. As CNF notes, the news generated excitement among AI crypto token holders.
