
The CVE-2025-43300 flaw in Apple’s Image I/O framework allowed arbitrary code execution through malicious images, posing severe risks to cryptocurrency wallet security.
Apple has released an emergency patch for a zero-click vulnerability, CVE-2025-43300, in its Image I/O framework that could let attackers execute arbitrary code via maliciously crafted images on iPhones, iPads, and Macs. The flaw, already exploited in targeted attacks, puts crypto holders at high risk, because a compromised device can enable wallet theft. Updates include iOS 18.6.2, iPadOS 18.6.2, and macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8. Experts urge crypto users to update immediately, migrate wallet keys if compromised, and secure key accounts. The case follows historic incidents like the Lazarus Group’s blockchain game hack and comes amid a wider surge in 2025 crypto hacks, with losses exceeding $2.2 billion, including Bybit’s $1.5B loss, Cetus Protocol’s $225M exploit, and multiple DeFi and exchange breaches.