Apple has issued an emergency security update to patch a zero-click vulnerability that allowed hackers to compromise iPhones, iPads, and Macs, a flaw raising serious alarm for crypto holders who rely on Apple devices to secure their wallets.
In an advisory published late Wednesday, Apple confirmed the bug, tracked as CVE-2025-43300, was discovered inside its Image I/O framework, which processes image files across devices.
Apple Patches Image-Based Exploit That Could Hijack Crypto on iPhones and Macs
The company warned that a maliciously crafted image could trigger memory corruption, giving attackers the ability to execute arbitrary code on a targeted device without requiring user interaction.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.
The update was rolled out as iOS 18.6.2 and iPadOS 18.6.2, alongside patches for macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8. Apple urged users not to wait for automatic updates and to install the patch manually to prevent potential exploitation.
The vulnerability is particularly dangerous for those in the cryptocurrency sector, cybersecurity experts warned. Unlike traditional finance, where stolen funds can sometimes be recovered, crypto transactions are irreversible.
If attackers gain access to wallet applications or exchange credentials stored on a compromised device, funds can be drained instantly. Experts noted that even an image attachment received via iMessage could be enough to compromise a vulnerable device.
Notably, Apple said the updates cover all iPhones from the iPhone XS generation onward, including the latest iPhone 16 series. Supported iPads include the iPad Pro, iPad Air (third generation and later), iPad (sixth generation and later), and iPad mini (fifth generation and later). Mac users running the three most recent versions of macOS are also covered.
Security professionals emphasized that crypto holders should take extra precautions. For individuals who suspect their devices may have been targeted, experts recommend migrating wallet keys, securing primary accounts such as email and cloud services, and documenting any unusual system behavior.
While device logs could, in theory, reveal anomalies, analysts noted that in practice they are difficult for non-specialists to interpret. Apple has not disclosed how many individuals may have been targeted but said it does not comment on active threats until fixes are available.
The urgency of Apple’s warning recalls recent high-profile campaigns targeting crypto users. In 2024, cybersecurity firm Kaspersky revealed that North Korea’s Lazarus Group exploited a Google Chrome zero-day vulnerability hidden inside a fake blockchain game to install spyware and steal wallet credentials.
The group’s tactics included using generative AI to lure victims, underscoring how advanced threat actors have grown in their pursuit of digital assets.
Earlier that same year, Trust Wallet disclosed it had received credible intelligence about a zero-day iMessage exploit being sold on the dark web for $2 million. At the time, the wallet provider warned that iOS users and the broader crypto ecosystem could be at risk from attackers seeking unauthorized access to personal data and digital assets.
While Apple stressed that the latest attack appears to have been aimed at “specific targeted individuals,” analysts caution that once knowledge of vulnerabilities spreads, broader exploitation often follows.
Crypto Hacks Top $2.2B in 2025 as Major Breaches Escalate
Meanwhile, the global crypto industry has faced a sharp escalation in security breaches in 2025, with CertiK reporting more than $2.2 billion in losses from hacks and scams during the first half of the year.
Major cases, including Bybit’s $1.5 billion hack and Cetus Protocol’s $225 million exploit, skewed overall figures, but even excluding these incidents, losses remain high at roughly $690 million.
In July alone, $142 million in losses were recorded from 17 major breaches, up 27.2% from June.
Hacks and scams have also been on the rise in August. On August 14, Turkish exchange BtcTurk became the latest target, facing allegations of a $48 million exploit.
The exchange has now suspended deposits and withdrawals, citing “technical problems” in its hot wallets, but maintained that fiat transactions were unaffected.
The DeFi sector has also seen damaging incidents. On August 8, CrediX Finance effectively vanished after a $4.5 million exploit drained its funds. CertiK reported the team’s X account went silent, its website went offline, and its Telegram channel was deleted.
The attack stemmed from compromised control of the project’s multisig wallet, enabling the minting of unbacked tokens. The team initially claimed to have negotiated the return of stolen funds, but no follow-up materialized, fueling suspicions of an exit scam.
Ransomware has also intensified. A new group known as Embargo has laundered over $34 million in crypto since April 2024, largely targeting U.S. healthcare providers with ransom demands exceeding $1 million.
TRM Labs suggests Embargo may be a rebrand of the defunct BlackCat operation, linking it to breaches at American Associated Pharmacies and several regional hospitals.
The post Apple Issues Urgent iOS Update to Fix Zero-Click Hack Putting Crypto Wallets at Risk appeared first on Cryptonews.
