Apple patches iOS zero-day that put crypto wallets at risk via malicious images
Apple has released iOS 18.6.2 and iPadOS 18.6.2 together with macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8 to fix a zero-day in the ImageIO framework that was exploited in the wild.
Per Apple, processing a malicious image may corrupt memory, enabling code execution, and the company is aware of a report of use in an extremely sophisticated attack targeting specific individuals.
The flaw sits in ImageIO, the component that parses common image formats, which makes delivery through everyday channels, including messaging apps and web content, straightforward from an attacker’s perspective. As security outlets reported, the bug is tracked as CVE-2025-43300 and stems from an out-of-bounds write that Apple addressed with improved bounds checking.
The crypto angle is direct. Wallet owners often copy and paste recipient addresses, and many keep recovery phrases in screenshots or photo storage for convenience. Research this year documented families of mobile spyware and stealers that scan galleries using optical character recognition and exfiltrate images with seed phrases, as well as strains that monitor the clipboard to swap addresses during a transaction.
As Kaspersky reported, SparkCat and its successor SparkKitty used OCR to harvest seed phrases from images on both iOS and Android, including samples observed on official app stores.
A compromise achieved through a booby-trapped image can, therefore, act as an initial foothold to enable gallery scraping for recovery phrases, surveillance of crypto app activity, and clipboard hijacking during on-chain transfers. Earlier research on clipboard hijackers explains how address strings are silently replaced to redirect funds during copy-paste, a tactic long used by drainer operations.
The current incident also fits a pattern of high-value iOS exploit chains used against targeted users. In 2023, Citizen Lab documented a zero-click chain, dubbed Blastpass, used to deliver commercial spyware, demonstrating how image and message parsing bugs can be chained for device takeover without user interaction.
That historical baseline, coupled with Apple’s acknowledgment of real-world use in the present case, frames the risk for crypto users who rely on mobile devices as primary signing endpoints.
Impact spans recent iPhone models and iPads covered by iOS 18 and iPadOS 18, including iPhone XS and later, plus supported Macs on Sequoia, Sonoma, and Ventura. Users can verify protection by confirming iOS or iPadOS 18.6.2, macOS Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8 in Settings, then rebooting after installation.
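For teams that manage more than one device, the version check above can be run over an inventory export. The following is an added example, not code from Apple or the original article; the CSV layout, hostnames, and status labels are assumptions, and release trains the article does not list are reported as "not-listed" rather than guessed.

```python
import csv
import io

# Fixed versions exactly as listed in the article, keyed by (platform, major).
FIXED = {
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
    ("macos", 15): (15, 6, 1),  # Sequoia
    ("macos", 14): (14, 7, 8),  # Sonoma
    ("macos", 13): (13, 7, 8),  # Ventura
}

def parse_version(text):
    """'18.6' -> (18, 6, 0). Raises ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError("unexpected version format: " + text)
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Classify one device against the fixed versions named in the article."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"   # investigate by hand, do not assume patched
    fixed = FIXED.get((platform.strip().lower(), v[0]))
    if fixed is None:
        return "not-listed"    # the article gives no fixed version for this train
    return "patched" if v >= fixed else "needs-update"

# Constructed inventory for illustration; not real devices.
SAMPLE_INVENTORY = """\
host,platform,version
treasury-iphone-01,iOS,18.6.2
treasury-iphone-02,iOS,18.6
ops-ipad-01,iPadOS,18.5
signer-mac-01,macOS,15.6.1
signer-mac-02,macOS,14.7.7
legacy-mac-01,macOS,12.7.6
kiosk-01,iOS,unknown
"""

def audit(csv_text):
    """Return {host: status} for every row of a host,platform,version CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: status(r["platform"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host:20} {result}")
```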
Security outlets urged immediate updates following Apple’s release and disclosure.
For a crypto-savvy audience, the operational takeaway is to close exposure by updating and to reduce post-exploit blast radius by moving seed storage off photo libraries, reviewing app photo permissions, limiting clipboard access, and treating mobile wallets as hot environments with strict hygiene.
Apple’s notes state the root cause was an out-of-bounds write in ImageIO that is now mitigated with stricter bounds checks, and the company confirmed exploitation reports when shipping the patch.
The post Apple patches iOS zero-day that put crypto wallets at risk via malicious images appeared first on CryptoSlate.
