- Binance’s former CEO cautions Mac users on a major security vulnerability.
- Apple has a history of security flaws that can lead to crypto losses, calling for safeguards.
Changpeng Zhao (CZ), the former CEO of Binance Exchange, recently informed the crypto community of a new vulnerability targeted at Intel-based Mac users. The vulnerability affecting iPhones and iPads may expose users’ digital assets.
Zhao Sounds An Alarm
Taking to the X platform, Zhao urged Mac users with Intel-based chips to update their devices, following a zero-day exploit on November 19. “If you use a Macbook with an Intel-based chip, update asap. Stay SAFU,” CZ wrote.
If you use a Macbook with Intel based chip, update asap!
Stay SAFU!https://t.co/mk2Jsicnte
— CZ
BNB (@cz_binance) November 20, 2024
Zero-day vulnerabilities are flaws identified and exploited by hackers before a patch becomes available. The term “zero-day” refers to developers having limited time to fix the vulnerability upon discovery.
These vulnerabilities pose a high risk because the longer they remain undetected, the longer attackers have to exploit them. It can result in severe consequences for end users, such as data breaches, financial loss, privacy violations, and disruption.
Apple confirmed the attack in a postmortem and introduced major macOS and iOS security updates to prevent further damage. The company urged users to update to iOS 18.1.1, macOS Sequoia 15.1.1, and the older iOS 17.7.2. Apple described one of the addressed vulnerabilities as a cookie management issue.
The tech giant identified the vulnerabilities as CVE-2024-44308 and CVE-2024-44309, which affected macOS Sequoia’s JavaScriptCore and WebKit components. Hackers can use this to execute “cross-site scripting attacks” and covertly launch malicious code.
Cross-site scripting (XSS) is a web security attack that involves injecting malicious scripts into legitimate websites or applications. Crypto hackers have previously used similar vulnerabilities on Mac and Windows computers to steal wallet passwords and insert malware to steal private keys and digital assets.
Researchers at Google’s Threat Analysis Group, notorious for probing government-backed hacks, initially uncovered the latest vulnerabilities. As a result, speculation has grown over the possible involvement of state-sponsored actors. Meanwhile, Apple has yet to share any details regarding the extent of the damage other than the fact that the vulnerabilities were “actively exploited.”
Concerns For Apple and MacOS Users
Apple users have been at risk on several occasions this year alone despite the Company’s stellar reputation for security. CNF reported earlier this month that North Korean hackers exploited macOS with malware hidden in decoy PDFs to steal crypto keys.
In March, researchers discovered a flaw in Apple’s M-series chips that hackers could leverage to retrieve cryptographic keys stored in the CPU’s cache. A month later, Web3 wallet provider Trust Wallet warned about another zero-day exploit in Apple’s iMessage framework. This attack allowed hackers to infiltrate iPhones without any user interaction.
Amid these attacks, Apple launched the iPhone 16, its first smartphone with native Artificial Intelligence (AI) support. As CNF noted, the news stirred excitement among holders of AI crypto tokens.
