Apple Rushes Emergency Patches for Crypto-Stealing Vulnerability
Cybercriminals continue to find new and unexpected ways to target crypto users. Each new episode of this long digital series redraws the contours of technological paranoia. The latest discovery? A simple image file. Yes, a doctored photo. Enough to compromise your iPhone and drain your crypto without any user action. The target? Everyone who uses Apple products… but especially, everyone who stores their wallet keys in unexpected places. Fortunately, an emergency update has been released to try to patch the breaches.
In brief
- An ImageIO vulnerability allowed code execution via an image, with no user click needed.
- Apple published urgent patches covering iOS, macOS and iPadOS against this threat.
- Malware exploits photo galleries to steal recovery phrases and wallet QR codes.
- Experts recommend switching to a cold wallet and restricting access to sensitive photos.
When Apple becomes the weak link in your security
Urgency signaled in November: an Apple vulnerability endangered your crypto. It was in response to this threat that, on August 20, 2025, Apple published a series of patches for iOS, iPadOS, and macOS, targeting a critical vulnerability tracked as CVE-2025-43300. This vulnerability in ImageIO allowed a malicious image to corrupt the device’s memory. No click required. No opening necessary.
Apple acknowledged the existence of a highly sophisticated attack targeting specific individuals.
Even more worrying, image processing could be triggered automatically via iMessage or web content.
The affected versions:
- iOS 18.6.2 / iPadOS 18.6.2;
- macOS Ventura 13.7.8;
- macOS Sonoma 14.7.8;
- macOS Sequoia 15.6.1.
The CVSS score of the bug: 8.8/10. Crypto then becomes easy prey for malicious actors, and mobile wallet holders are on the front line.
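To turn the release list above into a fleet check, the following added example (not Apple's or the article's code) classifies a device inventory. It assumes each listed release is the first build on its OS branch that carries the fix for CVE-2025-43300; the device names and the `INVENTORY` data are constructed.

```python
# Added example: audit a device inventory against the releases listed above.
# Assumption: each listed release is the first build on its branch carrying the
# fix for CVE-2025-43300. Branches not in the list are reported as "unknown"
# rather than guessed at.

FIXED = {  # (platform, major version) -> minimum version carrying the fix
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
    ("macos", 13): (13, 7, 8),
    ("macos", 14): (14, 7, 8),
    ("macos", 15): (15, 6, 1),
}

def parse_version(text):
    """'15.6' -> (15, 6, 0); raises ValueError on malformed input."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"bad version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one device."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"          # unparseable string: review by hand
    minimum = FIXED.get((platform.lower(), version[0]))
    if minimum is None:
        return "unknown"          # branch not covered by the list above
    return "patched" if version >= minimum else "needs_update"

def audit(inventory):
    """Group device names by status."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for name, platform, version in inventory:
        report[status(platform, version)].append(name)
    return report

INVENTORY = [  # constructed sample data
    ("alice-iphone", "iOS", "18.6.2"),
    ("bob-iphone", "iOS", "18.5"),
    ("ci-mac-01", "macOS", "14.7.8"),
    ("ci-mac-02", "macOS", "15.6"),          # 15.6.0 < 15.6.1
    ("lab-mac", "macOS", "12.7.6"),          # branch absent from the list
    ("kiosk-ipad", "iPadOS", "18.6.2 (beta)"),
]

if __name__ == "__main__":
    for state, names in audit(INVENTORY).items():
        print(f"{state:13} {', '.join(names) or '-'}")
```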
When your photo gallery turns into a target for crypto theft
We have known for years that cybercriminals never sleep. But now, they innovate. Tools like SparkCat or SparkKitty use OCR to read your images. Their favorite targets? Recovery phrases, crypto wallet QR codes, copied and pasted addresses.
An infected image serves as an anchor point. Then, everything becomes possible: accessing the gallery, reading photos, scrutinizing the clipboard.
Some cybersecurity researchers, like Juliano Rizzo from Coinspect, pointed out that the danger comes as much from the vulnerability as from our bad habits. Storing your recovery phrase in a screenshot or visible image gives malware a royal road to your assets. At that point, it’s no longer hacking; it’s simply harvesting what users left exposed. Malicious tools just have to extract what you left in plain sight.
The precedent with Blastpass in 2023 had already shown that an image vulnerability could trigger attacks without clicks. The pattern repeats.
Moral of the story? If your crypto sleeps on an Apple mobile device, it’s time for a thorough check: photo permissions, clipboard access, and especially… a cold wallet.
What this Apple vulnerability really hides
The ImageIO vulnerability is only the tip of the iceberg. This critical bug, exploited without a click, illustrates a deeper problem: the digital passivity into which we settle. On iOS, some images are automatically processed upon receipt. A convenient feature that, in this case, created an entry point for attackers.
Apple remains silent about the exact vector, but experts suspect automatic processing via iMessage or Safari. And while we talk about crypto, the entire ecosystem becomes a battleground. Every vulnerability, every user behavior becomes an opportunity.
Juliano Rizzo from Coinspect points out that the absence of user action is what makes this kind of attack so formidable. When a device works for you… it can also work against you.
And if we look at the 2025 figures, the trend is far from reassuring.
What the 2025 figures reveal:
- 7 zero-day vulnerabilities detected on Apple products;
- 16 billion passwords leaked in a single breach;
- 30 databases massively compromised;
- 70% of recovered credentials still active according to CyberNews.
Everything is (temporarily) under control, but the lull fools no one. While this crypto attack was contained thanks to updates, other fronts are opening. A recent leak exposed more than 16 billion passwords, affecting Apple, Google, Facebook. Proof that ingenuity is not only found among coders… but also among those who collect your traces to better strip you.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
