Apple acknowledged on Monday that its devices were susceptible to an exploit that enabled the execution of remote malicious code via web-based JavaScript. This attack vector could have potentially deprived unsuspecting victims of their crypto.
Users are required to utilize the most recent versions of Apple’s JavaScriptCore and WebKit software in order to mitigate the vulnerability, as indicated by a recent security disclosure.
Researchers from Google’s threat analysis division identified the bug, which permits the “processing of maliciously crafted web content,” which could result in a “cross-site scripting attack.”
Apple also acknowledged that it is “aware of a report that this issue may have been actively exploited on Intel-based Mac systems,” which is even more concerning.
A comparable security disclosure was also issued by Apple for iPad and iPhone users. It is stated that the JavaScriptCore vulnerability enables “arbitrary code execution through the processing of maliciously crafted web content.”
In other words, Apple became aware of a security vulnerability that could allow hackers to take control of a user’s iPhone or iPad if they access a harmful website. Apple stated that the matter should be resolved through an update.
Decrypt was informed by Jeremiah O’Connor, CTO and co-founder of Trugard, a crypto cybersecurity firm, that “attackers could access sensitive data like private keys or passwords” cached in their browser. This could result in crypto theft if the user’s device remained unpatched.
On Wednesday, the crypto community’s vulnerability was disclosed through social media. Changpeng Zhao, the former CEO of Binance, issued a tweet in which he advised users of Macbooks with Intel CPUs to update as soon as feasible.
The development is in response to March reports that security researchers had identified a vulnerability in Apple’s previous generation processors, specifically the M1, M2, and M3 series, that could allow hackers to steal cryptographic keys.
The exploit, which is not novel, leverages “prefetching,” a procedure employed by Apple’s own M-series chips to expedite interactions with the company’s devices. Prefetching can be utilized to store sensible data in the processor’s cache and subsequently access it to reconstruct a cryptographic key that is intended to be inaccessible.
Regrettably, ArsTechnica indicates that this is a substantial concern for Apple users, as a chip-level vulnerability cannot be resolved through a subsequent software update.
A potential solution may alleviate the issue; however, in exchange for security, it sacrifices performance.
