Kaspersky, a cybersecurity and anti-virus provider, has identified flaws in Apple’s operating systems that they describe as “very serious.” They are now advising gadget owners, including crypto holders, to update their devices and stay secure from hacks that exploit vulnerabilities in outdated systems and networks.

The Flaw On Apple Smartphones And Computers

The cybersecurity firm recommends users update their phones’ operating systems to iOS 16.4.1. Meanwhile, computer users should upgrade their operating systems to macOS 13.3.1. Considering the seriousness of the security hole picked out, Apple has also released updates for older operating systems. 

Kaspersky noted that two vulnerabilities had been picked out. The first one, dubbed CVE-2023-28205, affects the WebKit engine, which powers the Safari browser; the default surfing interface in Apple devices.

Through this flaw, a hacker or a malicious agent can execute arbitrary code on a device whenever the user browses an infected page. The second hole affected the IOSurfaceAccelerator object. An attacker can execute code using the operating system’s core permissions through this hole. 

It should be noted that the two can also enable the other. For instance, the attacker can first infect the device through the WebKit Engine flaw before executing code via the device’s software core permissions. Since the attacker has core permissions, they can virtually do anything on the infected device. 

It is made worse because, considering Apple’s system, the WebKit Engine is the only permitted browser engine in Apple’s smartphones. As such, regardless of any other browser a user may choose, like Chrome or Firefox, the WebKit Engine is used for rendering pages. This means even a page opened directly from an application within the phone can still be affected since the browser engine will still be required.

Crypto Phishing Attacks

The severity of this flaw is especially a concern for cryptocurrency users. The digital nature of crypto assets and the general nascence of the underlying blockchain technology mean users have to be cautious to protect their assets. 

A recent Kaspersky report reveals that crypto phishing attacks rose 40% in 2022. By exploiting unpatched errors, a nefarious agent can successfully execute phishing attacks by creating fake wallets and websites that may trick users into submitting their private keys and other critical information.

This month, a crypto holder lost $50,000 worth of cryptocurrencies after a hacker exploited a vulnerability on his Samsung Galaxy smartphone and accessed LastPass, a password management tool. Two of his wallets were compromised, and his tokens were converted to Bitcoin before being transferred.