iPhone-maker AppleAAPL has rushed out security updates to patch two zero-day exploits that were discovered this week and sparked fears attackers could use the vulnerability to steal cryptocurrency.
Subscribe now to Forbes’ CryptoAsset & Blockchain Advisor and successfully navigate the bitcoin and crypto market rollercoaster
Spyware research group Citizen Lab discovered the previously unknown hacking technique and notified Apple before outlining the exploit in a blog post.
Now, Changpeng “CZ” Zhao, the chief executive of crypto exchange Binance, has warned iPhone, iOS and iPadOS users to update their devices “immediately.”
It’s at the start of a bull run you need up-to-date information the most! Sign up now for the free CryptoCodex—A daily newsletter for traders, investors and the crypto-curious that will keep you ahead of the market
“The Apple iOS/iPadOS 16.6.1 updates today includes a security patch to an iMessage vulnerability that allows remote code execution without any interactions from the victim. It is being exploited in the wild … Update [your iPhone] immediately,” CZ posted to X (Twitter), adding: “Stay #SAFU”—referring to Binance’s secure asset fund for users.
The zero-click exploit—meaning the victim doesn’t have to tap or click anything— has already been used to install spyware called Pegasus onto an iPhone owned by an employee of a Washington DC-based civil society organization, according to Citizen Lab.
The exploit uses PassKit—the framework behind iPhone apps Apple Pay and Wallet—to send malicious images from the attacker via iMessage to the victim.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab researchers wrote.
“Once more, civil society is serving as the cybersecurity early warning system for billions of devices around the world,” Citizen Lab senior researcher John Scott-Railton posted to X (Twitter). “Including you, if you’re reading this on your iPhone. Or Mac.”
The stark iPhone warning comes amid an Apple stock sell-off ahead of the latest iPhone unveiling on 12 September that’s wiped away around $200 billion of market value and was triggered by a China government crackdown on iPhone use.
Follow me on Twitter.