Apple Fixes Zero-Click iOS Exploit That Puts Crypto Wallets at Risk
Apple is urging users to immediately update their devices in order to patch a zero-click vulnerability that has allowed attackers to silently compromise iPhones, iPads, and Macs—posing a serious threat to cryptocurrency users whose wallets and private keys may be at risk.
In a Thursday advisory, Apple confirmed that the flaw resided in its Image I/O framework, which processes image files across Apple devices. Due to a memory handling error, maliciously crafted images could execute unauthorized code without requiring any user interaction—a key hallmark of a zero-click attack.
The security updates include fixes in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, macOS Sequoia 15.6.1, iOS 18.6.2, and iPadOS 18.6.2. Apple said it is aware of reports that the exploit was already being used in highly targeted attacks against specific individuals.
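The fixed releases listed above can be checked against a device inventory. The following is an added example, not code from Apple or from the article; the CSV layout, hostnames, and function names are assumptions made for illustration. Release trains the article does not name are reported as unknown rather than guessed.

```python
import csv
import io

# Fixed releases as listed in the article, keyed by (platform, major version).
FIXED = {
    ("macos", 13): (13, 7, 8),   # macOS Ventura
    ("macos", 14): (14, 7, 8),   # macOS Sonoma
    ("macos", 15): (15, 6, 1),   # macOS Sequoia
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
}

def parse_version(text):
    """'15.6' -> (15, 6, 0). Raises ValueError on non-numeric parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def patch_status(platform, version):
    """Classify one device against the fixed release for its own major train."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((platform.strip().lower(), v[0]))
    if fixed is None:
        # Release train not named in the article: make no claim either way.
        return "unknown"
    return "patched" if v >= fixed else "needs-update"

def triage(inventory_csv):
    """Return {status: [hostnames]} for a CSV with host,platform,version columns."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = patch_status(row["platform"], row["version"])
        report.setdefault(status, []).append(row["host"])
    return report

# Constructed sample inventory (hypothetical hostnames, assumed CSV layout).
SAMPLE = """host,platform,version
trader-iphone,iOS,18.6.1
dev-ipad,iPadOS,18.6.2
ops-mbp,macOS,15.6
build-mini,macOS,14.7.8
old-imac,macOS,12.7.6
lab-phone,iOS,18.x
"""

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Comparing within the device's own major version matters: a Mac on 14.7.8 is patched even though its version number is lower than 15.6.1.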
Why Crypto Users Are at Higher Risk
Cybersecurity experts warn that the exploit is particularly concerning for cryptocurrency holders. Because cryptocurrency transfers cannot be reversed, attackers have a direct financial incentive to compromise devices. Access to storage apps, seed phrases, or crypto wallets on an infected iPhone could be enough for hackers to drain accounts.
Juliano Rizzo, founder and CEO at cybersecurity firm Coinspect, explained that a zero-click vulnerability is an attack that doesn't even require a response from the user, and that an attachment delivered via iMessage could be powerful enough to automatically wipe clean the victim's crypto wallet.
The vulnerability affects Apple’s Image I/O framework, which allows applications to read and write most image file formats. Due to improper implementation, processing a malicious image allows for out-of-bounds memory write access.
In other words, attackers can leverage this vulnerability to write to areas of a device’s memory that should be inaccessible. Such an issue, in the hands of a particularly sophisticated attacker, can compromise device security by enabling code execution on targeted devices.
A device’s memory holds all the programs currently being executed, including critical ones. Being able to write to memory outside the authorized scope allows attackers to alter how other programs operate and execute their own instructions.
Advice to High-Risk Users
For high-value targets, such as traders, investors, or developers storing sensitive keys on Apple devices, Rizzo recommended migrating to new wallet keys if there is any suspicion of compromise.
“The key is to stay calm, secure primary accounts like email and cloud storage, and only then rotate wallet credentials if necessary.”
He emphasized that while patching devices is essential, security actions should not be delayed while waiting for updates to install.
For average users, system logs may theoretically provide signs of compromise, but Rizzo noted that in practice they are “hard to interpret.” Instead, he highlighted that Apple itself, along with other vendors who are often the first to detect exploitation, should be responsible for contacting the victims directly to warn them of the danger.