
Zero-Day Exploit: How a Malicious Image is Draining Crypto Wallets on iOS and macOS

by Anindya Paul
August 23, 2025
in Crypto, Tech

Source: Bleeping Computer


A “highly sophisticated” zero-day vulnerability has been discovered in Apple’s ImageIO framework. It has been actively exploited to compromise iOS and macOS devices and, in some cases, to drain cryptocurrency wallets. The exploit underscores the importance of users remaining vigilant and updating their devices immediately.

The Vulnerability: A Picture is Not Always Worth a Thousand Words

In essence, a seemingly harmless image file can now serve as a Trojan horse. The vulnerability, tracked as CVE-2025-43300, is an out-of-bounds write in Apple’s ImageIO framework, the core component that allows applications to process image files. The attack works as follows: a crafted image (or file) is sent to a target device, generally via a messaging app such as Telegram, and the recipient does not have to click on it. The moment the device processes the image (even if merely storing it so that a preview can be generated), the exploit can deliver its payload and corrupt memory, which opens the way to executing code and gaining access to the device.

Targeted Attacks on Valuable Individuals

Initial reporting from sources like Rescana, a cybersecurity company, indicates that this is not a broad campaign of random attacks (n.b.: the limited attack patterns seen so far might be part of a broader attack vector). Instead, it is being used in “extremely sophisticated attacks against specific targeted individuals,” particularly those with a high net worth. The user Fawi on X first brought public attention to the exploit, specifically pointing out its use to drain cryptocurrency wallets on iOS and macOS. The zero-click nature of the attack, where no user interaction is required, makes it particularly dangerous for high-profile targets, including journalists, government officials, and crypto investors.

The Mechanism of the Attack

The attacks reported on social media and by various security researchers suggest a clear, malicious chain of events. An attacker sends a seemingly harmless image. Because the exploit may be “zero-click”, the device’s operating system processes the image to present a preview and, in doing so, executes any malicious code or scripts that were embedded in the image. This would give the attacker control over the device and its contents. Cryptocurrency users, and other users of digital wallets, may be susceptible to silent theft of their funds, because their devices and wallets are linked. The continual re-sending of the image is likely a persistence mechanism, intended to ensure that the attacker’s code remains active and that any temporary fix, or the user’s attempt to dismiss the image, is bypassed.

Urgent Action Required: The Solution

Apple has released security updates for its operating systems in response to this serious threat. The company fixed the vulnerability by enhancing “bounds checking” in the ImageIO framework, closing off the exploit. The primary solution for all Apple users is to update their devices immediately. Users on iOS 18.6.2 and higher, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8 are protected.

Beyond simply updating, a crucial preventive step is to disable automatic image downloads in messaging apps. For instance, as noted by security experts, Telegram users can go to Settings -> Data and Storage and disable automatic media downloads for both cellular and Wi-Fi networks. While this may be an inconvenience, it can be a vital first line of defense against attacks that rely on an image being processed without user consent.
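
For anyone responsible for more than one device, the version list above can be turned into a quick audit. The following is an added example, not code from Apple or from the original article: it checks a device inventory against the fixed releases named above, and the host names and inventory rows are constructed sample data. Branches the article does not name (for example older iOS or macOS majors) are reported as "unlisted" rather than guessed at.

```python
import csv
import io
import re

# Fixed releases exactly as listed in the article, keyed by major version.
FIXED = {
    "ios": {18: (18, 6, 2)},
    "macos": {15: (15, 6, 1), 14: (14, 7, 8), 13: (13, 7, 8)},
}

# Constructed sample inventory (hypothetical host names), not real data.
SAMPLE_INVENTORY = """host,platform,version
mbp-finance-01,macOS,15.6
mbp-dev-07,macOS,15.6.1
imac-lobby,macOS,14.7.8
mini-build-02,macOS,13.7.7
iphone-ceo,iOS,18.6.2
iphone-ops-3,iOS,18.6.1
ipad-old,iOS,17.7.9
mbp-legacy,macOS,12.7.6
"""

def parse_version(text):
    """Turn '15.6' or '15.6.1 (build)' into a 3-tuple; missing parts become 0."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def status(platform, version_text):
    """Return 'patched', 'vulnerable', 'unlisted' (branch not in article) or 'unknown'."""
    name = platform.strip().lower()
    branches = FIXED.get(name)
    if branches is None:
        return "unlisted"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = branches.get(version[0])
    if fixed is None:
        # The article says iOS 18.6.2 "and higher"; it names no fix for other branches.
        newer_ios = name == "ios" and version > FIXED["ios"][18]
        return "patched" if newer_ios else "unlisted"
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_csv):
    """Return (host, status) for every device that is not confirmed patched."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    results = [(r["host"], status(r["platform"], r["version"])) for r in rows]
    return [(host, state) for host, state in results if state != "patched"]

if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY):
        print(f"{host}: {state}")
```

Devices reported as "unlisted" need a manual check against Apple's own security release notes, since the article gives no fixed version for them.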

The Broader Threat of Zero-Days

This latest incident is a reminder of the ongoing risks of zero-day exploits. A zero-day is a security flaw that remains unknown to the software developer and is therefore unpatched. It is a formidable weapon for attackers because no patch is available to defend against an unknown vulnerability until someone discovers and then discloses it. The fact that threat actors can weaponize these vulnerabilities, and the sophistication a threat actor must possess to carry out a successful attack, highlights that we need to remain aware of the risks. For individuals and organizations, the best defense is essentially proactive: update all devices and software regularly, adopt multi-factor authentication, and be cautious with any unsolicited messages regardless of sender. While Apple has been timely in its response, the incident continues to demonstrate an ongoing game of cat and mouse between security researchers and malicious actors in today’s digital world.


Anindya Paul

Professional content creator with strong expertise in content writing, filmmaking and social media strategy. Skilled in digital storytelling, scriptwriting, video production, sound design and graphic design - crafting compelling narratives across platforms. Known for delivering high-quality, engaging content under tight deadlines. A collaborative team player with a sharp creative instinct, adaptability to evolving trends, and a focus on impactful, results-driven communication.
