Apple patches iOS zero-day that put crypto wallets at risk via malicious images


Apple released iOS 18.6.2 and iPadOS 18.6.2 on Aug. 20, 2025, along with macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8, to patch a zero-day in the ImageIO framework that was exploited in the wild.

Per Apple, processing a malicious image could corrupt memory, enabling code execution, and the company is aware of a report of use in an extremely sophisticated attack targeting specific individuals.

The flaw sits in ImageIO, the component that parses common image formats, which makes delivery via everyday channels, including messaging apps and web content, straightforward from an attacker’s perspective. As news outlets reported, the bug is tracked as CVE-2025-43300 and stems from an out-of-bounds write that Apple addressed with improved bounds checking.

The crypto angle is direct. Wallet owners often copy and paste recipient addresses, and many keep recovery phrases in screenshots or photo storage for convenience. Research this year documented families of mobile spyware and stealers that scan galleries using optical character recognition and exfiltrate images with seed phrases, as well as strains that monitor the clipboard to swap addresses during a transaction.

As Kaspersky reported, SparkCat and its successor SparkKitty used OCR to harvest seed phrases from photos on both iOS and Android, including samples observed on official app stores.

A compromise achieved through a booby-trapped image can, therefore, act as an initial foothold to enable gallery scraping for recovery phrases, surveillance of crypto app activity, and clipboard hijacking during on-chain transfers. Previous research on clipboard hijackers explains how address strings are silently replaced to redirect funds during copy-paste, a tactic long used by drainer operations.

The current incident also fits a pattern of high-value iOS exploit chains used against targeted users. In 2023, Citizen Lab documented a zero-click chain, dubbed Blastpass, used to deliver commercial spyware, demonstrating how image and attachment parsing bugs can be chained for device takeover without user interaction.

That historical baseline, coupled with Apple’s acknowledgment of real-world use in the present case, frames the risk for crypto users who rely on mobile devices as primary signing endpoints.

Impact spans recent iPhone models and iPads covered by iOS 18 and iPadOS 18, including iPhone XS and later, plus supported Macs on Sequoia, Sonoma, and Ventura. Users can verify protection by confirming iOS or iPadOS 18.6.2, macOS Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8 in Settings, then rebooting after installation.
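A fleet-side version of the check described above, as an added example that is not from the article or from Apple: it compares reported OS versions against the fixed releases the article names. The inventory rows, function names and status labels are constructed for illustration, and any OS branch the article does not list is reported as unknown, not guessed.

```python
# Fixed releases exactly as named in the article, keyed by (OS, major version).
FIXED = {
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
    ("macos", 15): (15, 6, 1),   # Sequoia
    ("macos", 14): (14, 7, 8),   # Sonoma
    ("macos", 13): (13, 7, 8),   # Ventura
}


def parse_version(text):
    """Turn '18.6' into (18, 6, 0) so tuple comparison is well defined."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def patch_status(os_name, version):
    """Return 'patched', 'needs_update' or 'unknown' for one device."""
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"          # unparseable version string
    fixed = FIXED.get((os_name.strip().lower(), current[0]))
    if fixed is None:
        return "unknown"          # branch not covered by the article
    return "patched" if current >= fixed else "needs_update"


def audit(inventory):
    """Return (device, status) for every device that is not confirmed patched."""
    findings = []
    for device, os_name, version in inventory:
        status = patch_status(os_name, version)
        if status != "patched":
            findings.append((device, status))
    return findings


# Constructed sample inventory, e.g. exported from an MDM report.
SAMPLE_INVENTORY = [
    ("treasury-iphone-01", "iOS", "18.6.2"),
    ("treasury-iphone-02", "iOS", "18.6"),
    ("ops-ipad-01", "iPadOS", "18.5"),
    ("signer-mac-01", "macOS", "14.7.8"),
    ("signer-mac-02", "macOS", "13.7.6"),
    ("legacy-mac-03", "macOS", "12.7.6"),
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY):
        print(f"{device}: {status}")
```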

Security outlets urged immediate updates following Apple’s release and disclosure.

For a crypto-savvy audience, the operational takeaway is to close exposure by updating and to reduce post-exploit blast radius by moving seed storage off photo libraries, reviewing app photo permissions, limiting clipboard access, and treating mobile wallets as hot environments with strict hygiene.

Apple’s notes state the root cause was an out-of-bounds write in ImageIO that is now mitigated with stricter bounds checks, and the company confirmed exploitation reports when shipping the patch.

The post Apple patches iOS zero-day that put crypto wallets at risk via malicious images appeared first on CryptoSlate.
