Latest vulnerabilities found in Apple’s iOS could potentially compromise mobile crypto wallets.
Apple has released updates to its iOS and iPadOS mobile operating systems after the company confirmed reports of vulnerabilities that could potentially threaten mobile crypto wallets. These vulnerabilities are related to a remote arbitrary code execution, which means that a malicious actor could gain remote administrative access to a target system.
The company was quick to respond to the reported flaws, rolling out the necessary fixes for iOS 14.4 and iPadOS 14.4 while recommending its users to update their devices to the latest version.
But for those who regularly use mobile crypto wallets, this is even more important.
“If you are using a mobile crypto wallet on an iOS device, be sure to update iOS as soon as possible! The update includes a fix for a remote arbitrary code execution vulnerability that may have been actively exploited,” said Pete Kim, head of engineering at Coinbase Wallet.
According to Apple, the security flaws “may have been actively exploited.” The full extent of the vulnerabilities hasn’t been disclosed though.
Two new updates are addressing the flaws discovered in Apple’s WebKit engine, the open-source web browser engine used by Safari, Mail, the App Store and various other apps. The third one relates to the kernel in affected devices and is described as allowing a malicious application to elevate privileges.
“I can only speak on the security of our product, but if a product only relies on the security of the iOS device then they are probably in trouble,” Tal Be'ery, security research manager at ZenGo, told Decrypt.
He noted that since Apple did not share full technical details “we cannot know for sure” what possible risks are.
“From the threat modelling perspective, these kinds of vulnerabilities are usually used by a nation state attacker to hack their adversaries and cost millions. However, we believe that due to additional security measures we included in our product, which are independent of the device security, our customers are not at immediate risk,” added Tal Be'ery.
But he added that even ZenGo users should update their devices, as it’s a good security practice.