Binance’s CZ Alerts Crypto Users to macOS and iPhone Exploit

Binance’s CZ alerted Intel-based Mac and iPhone crypto users to a critical zero-day exploit, urging immediate updates to safeguard digital assets.

Changpeng Zhao (CZ), the former CEO of Binance Exchange, recently disclosed to the crypto community a new vulnerability that is specific to Intel-based Mac users. Users’ digital assets may be exposed by the vulnerability that affects iPhones and iPads.

Crypto Users on Alert to macOS and iPhone Exploit

Zhao encouraged Mac users with Intel-based processors to update their devices, following a zero-day exploit on November 19, by transitioning to the X platform. “If you use a Macbook with an Intel-based chip, update asap. Stay SAFU,” CZ wrote, “Remain SAFU.”

If you use a Macbook with Intel based chip, update asap!

Stay SAFU!https://t.co/mk2Jsicnte

— CZ 🔶 BNB (@cz_binance) November 20, 2024

Zero-day vulnerabilities are vulnerabilities that are discovered and leveraged by hackers prior to the release of a patch. Developers have a finite amount of time to resolve the vulnerability after it is identified, which is why the term “zero-day” is used.

These vulnerabilities present a significant risk due to the fact that the longer they remain undetected, the more time assailants have to exploit them. It has the potential to have severe repercussions for end users, including disruptions, financial loss, privacy violations, and data breaches.

Apple confirmed the attack in a postmortem and implemented significant security updates for macOS and iOS to prevent additional harm. Users were advised to upgrade to iOS 18.1.1, macOS Sequoia 15.1.1, and the older iOS 17.7.2. Apple referred to one of the vulnerabilities that was addressed as a cookie management issue.

The vulnerabilities, which impacted macOS Sequoia’s JavaScriptCore and WebKit components, were identified by the technology behemoth as CVE-2024-44308 and CVE-2024-44309. This can be exploited by hackers to launch malicious code covertly and implement “cross-site scripting attacks.”

Cross-site scripting (XSS) is a web security attack that entails the injection of malicious scripts into legitimate websites or applications. In the past, crypto hackers have exploited comparable vulnerabilities on Mac and Windows computers to capture wallet passwords and install malware to steal private keys and digital assets.

The most recent vulnerabilities were initially discovered by researchers at Google’s Threat Analysis Group, who are renowned for investigating government-sponsored breaches. In light of this, there has been an increase in speculation regarding the potential involvement of state-sponsored actors. In the interim, Apple has not disclosed any information regarding the severity of the harm, beyond the assertion that the vulnerabilities were “actively exploited.”

Issues for MacOS and Apple users

Despite Apple’s exceptional security record, users have been exposed to numerous security vulnerabilities this year. North Korean hackers exploited macOS with malware concealed in counterfeit PDFs to steal crypto keys, according to a report by CNF earlier this month.

In March, researchers identified a vulnerability in Apple’s M-series processors that could be exploited by hackers to access cryptographic keys that are stored in the CPU’s cache. A month later, Trust Wallet, a provider of Web3 wallets, issued a warning regarding an additional zero-day exploit in Apple’s iMessage framework. Through this attack, hackers were able to gain access to iPhones without requiring any user interaction.

Apple introduced the iPhone 16, its inaugural smartphone with native Artificial Intelligence (AI) capabilities, in response to these assaults. As CNF observed, the announcement generated enthusiasm among AI crypto token holders.