Apple Fixes Critical iPhone and Mac Bug That Threatens Crypto Users
This flaw poses serious risks for people who store cryptocurrency on their Apple devices.
The bug, called CVE-2025-43300, lets attackers take control of Apple devices without the user doing anything. They just need to send a harmful image file through iMessage or email. When the device processes the image, hackers can access everything on it – including crypto wallets and trading apps.
Apple confirmed the bug was “exploited in an extremely sophisticated attack against specific targeted individuals.” The company didn’t say who was behind the attacks or who got targeted.
How the Attack Works
This zero-click exploit targets Apple’s Image I/O framework, which handles picture files across all Apple devices. The bug is an “out-of-bounds write” issue, meaning attackers can mess with parts of the device’s memory they shouldn’t be able to reach.
Juliano Rizzo, CEO of cybersecurity firm Coinspect, explained that “an attachment delivered via iMessage can be processed automatically and lead to device compromise.” Users don’t need to click anything or open any files – their device gets hacked just by receiving the malicious image.
Once hackers get in, they can access crypto wallets, steal login details for exchanges, and monitor user activity when entering passwords or recovery phrases.
Why Crypto Users Face Higher Risks
Security experts warn that people who own cryptocurrency face bigger dangers from this bug than regular users. Here’s why:
Permanent losses: Unlike stolen credit cards or bank accounts, cryptocurrency theft can’t be reversed. Once hackers move digital coins to their own wallets, the money is gone forever.
High-value targets: Crypto holders often have significant amounts of money stored on their devices. This makes them attractive targets for skilled hackers willing to spend time and resources on attacks.
Mobile storage: Many people store crypto wallets or exchange apps directly on their phones and computers, putting their funds at immediate risk if the device gets compromised.
The timing is particularly bad for the crypto industry. Security firm CertiK reported that hackers and scammers stole over $2.2 billion from crypto users in just the first half of 2025.
Government Response and Urgency
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) took the unusual step of ordering all federal agencies to patch the bug by September 11, 2025. This shows how serious government security experts consider the threat.
The bug affects a wide range of Apple devices, including:
- iPhones from the XS model onward (released in 2018)
- iPad Pro, iPad Air, and regular iPads from recent years
- Mac computers running macOS Sequoia, Sonoma, or Ventura
CVE-2025-43300 is the seventh zero-day bug that Apple has fixed in 2025 after hackers were already using it in attacks.
What Crypto Users Should Do Now
Security experts recommend several immediate steps for cryptocurrency holders:
Update right away: Don’t wait for automatic updates. Go to Settings > General > Software Update on iOS devices or System Settings on Mac computers and install the patches manually.
Check for compromise: While it’s hard for regular users to detect if their device was attacked, look for unusual behavior like apps running slowly, unexpected network activity, or crypto wallet balances that don’t match your records.
Move your crypto: If you think your device might have been targeted, consider moving your cryptocurrency to new wallets with fresh private keys generated on a different, clean device.
Secure backup accounts: Change passwords for email and cloud storage accounts that hackers could use to reset your crypto exchange passwords.
The updates fix the bug in iOS 18.6.2, iPadOS 18.6.2, and several versions of macOS. Older devices that can’t run these updates remain vulnerable and should be replaced if used for crypto storage.
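For anyone managing more than one device, the update check above can be run over an inventory list. The following is an added example, not code from Apple or from the article's sources; the CSV layout and device names are constructed, and only the iOS/iPadOS 18.6.2 fix version comes from the article, so macOS and older release trains are reported as needing a look at Apple's advisory.

```python
import csv
import io

# Fixed release named in the article for iOS and iPadOS.
FIXED_IOS = (18, 6, 2)

# Constructed sample inventory (hypothetical export format: name,platform,version).
SAMPLE_INVENTORY = """name,platform,version
alice-iphone,iOS,18.6.2
bob-iphone,iOS,18.6
carol-ipad,iPadOS,18.10
dave-ipad,iPadOS,17.7.9
erin-mac,macOS,15.6
frank-iphone,iOS,unknown
"""


def parse_version(text):
    """Turn '18.6' into (18, 6, 0); return None if it is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'check_advisory' for one device."""
    version = parse_version(version_text)
    if platform not in ("iOS", "iPadOS") or version is None:
        return "check_advisory"   # macOS fix versions are not listed in the article
    if version >= FIXED_IOS:
        return "patched"
    if version[0] == FIXED_IOS[0]:
        return "vulnerable"       # same release train, below the fixed build
    return "check_advisory"       # older train: the article names no fix for it


def triage(inventory_csv):
    """Map each device name to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["name"]: classify(r["platform"], r["version"]) for r in rows}


if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Versions are compared as number tuples because plain text comparison would rank 18.10 below 18.6.2.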
Previous Similar Attacks
This isn’t the first time hackers have targeted Apple’s image processing system. In 2023, a similar bug in the same ImageIO framework was used to install NSO Group’s Pegasus spyware on targeted devices.
That attack, called BLASTPASS, also used malicious images sent through iMessage to break into iPhones without any user interaction. The pattern shows that sophisticated hacking groups continue to find new ways to exploit how Apple devices handle pictures and media files.
Moving Forward Safely
While this specific bug is now fixed, it highlights the ongoing risks crypto users face from device-based attacks. The zero-click nature of the exploit – requiring no user mistakes or bad decisions – shows that even security-conscious people can become victims.
The incident reinforces the importance of keeping devices updated, using hardware wallets for large amounts of cryptocurrency, and spreading funds across multiple storage methods instead of keeping everything on one device.
Apple has strengthened the Image I/O framework’s security, but crypto users should stay alert for similar threats in the future.
Original source: Brave New Coin