{"id":128904,"date":"2024-11-22T19:47:50","date_gmt":"2024-11-22T12:47:50","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=128904"},"modified":"2024-11-22T19:47:50","modified_gmt":"2024-11-22T12:47:50","slug":"apple-admits-to-security-vulnerability-that-leaves-crypto-users-exposed-heres-what-you-should-do","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=128904","title":{"rendered":"Apple Admits to Security Vulnerability That Leaves Crypto Users Exposed\u2014Here&#8217;s What You Should Do"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div style=\"position:relative;overflow:visible;font-size:1.2em;line-height:1.58\">\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">Apple confirmed Monday its devices were left vulnerable to an exploit that allowed for remote malicious code execution through web-based JavaScript, opening up an attack vector that could have part unsuspecting victims from their crypto.<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">According to a recent <\/span><a href=\"https:\/\/support.apple.com\/en-us\/121753\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\"><span style=\"font-weight:400\">Apple security disclosure<\/span><\/a><span style=\"font-weight:400\">, users must use the latest versions of its JavaScriptCore and WebKit software to patch the vulnerability.\u00a0<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">The bug, discovered by researchers at Google&#8217;s threat analysis group, allows for \u201cprocessing maliciously crafted web content,\u201d which could lead to a \u201ccross-site scripting attack.\u201d<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">More alarmingly, Apple also admitted it \u201cis aware of a report that this issue may have been actively exploited on Intel-based Mac systems.\u201d<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">Apple also issued a <\/span><a href=\"https:\/\/support.apple.com\/en-us\/121752\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\"><span style=\"font-weight:400\">similar security disclosure<\/span><\/a><span style=\"font-weight:400\"> for iPhone and iPad users. Here, it says, the JavaScriptCore vulnerability allowed for \u201cprocessing maliciously crafted web content may lead to arbitrary code execution.\u201d\u00a0<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">In other words, Apple became aware of a security flaw that could let hackers take control of a user\u2019s iPhone or iPad if they visit a harmful website. An update should solve the issue, Apple said.<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">Jeremiah O\u2019Connor, CTO and co-founder of crypto cybersecurity firm Trugard, told <\/span><i><span style=\"font-weight:400\">Decrypt<\/span><\/i><span style=\"font-weight:400\"> that \u201cattackers could access sensitive data like private keys or passwords\u201d stored in their browser, enabling crypto theft if the user\u2019s device remained unpatched.<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">Revelations of the vulnerability within the crypto community began circulating on social media on Wednesday, with former Binance CEO Changpeng Zhao raising the alarm in <\/span><a href=\"https:\/\/x.com\/cz_binance\/status\/1859287351757078958\" target=\"_blank\" rel=\"nofollow external noopener\" class=\"sc-adb616fe-0 bJsyml\"><span style=\"font-weight:400\">a tweet<\/span><\/a><span style=\"font-weight:400\"> advising that users of Macbooks with Intel CPUs should update as soon as possible.<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">The development follows <\/span><a href=\"https:\/\/decrypt.co\/223062\/apple-chip-flaw-hackers-steal-crypto-go-fetch\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\"><span style=\"font-weight:400\">March reports<\/span><\/a><span style=\"font-weight:400\"> that security researchers have discovered a vulnerability in Apple&#8217;s previous generation chips\u2014its M1, M2, and M3 series that could let hackers steal cryptographic keys.<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">The exploit, <\/span><a href=\"https:\/\/decrypt.co\/223582\/apple-chip-exploit-steals-crypto-what-you-need-know\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\"><span style=\"font-weight:400\">which isn\u2019t new<\/span><\/a><span style=\"font-weight:400\">, leverages \u201cprefetching,\u201d a process used by Apple\u2019s own M-series chips to speed up interactions with the company\u2019s devices. Prefetching can be exploited to store sensible data in the processor\u2019s cache and then access it to reconstruct a cryptographic key that is supposed to be inaccessible.<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">Unfortunately, <\/span><a href=\"https:\/\/arstechnica.com\/security\/2024\/03\/hackers-can-extract-secret-encryption-keys-from-apples-mac-chips\/?ref=zetter-zeroday.com\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\"><span style=\"font-weight:400\">ArsTechnica reports that<\/span><\/a><span style=\"font-weight:400\"> this is a significant issue for Apple users since a chip-level vulnerability can not be solved through a software update.\u00a0<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><span style=\"font-weight:400\">A potential <\/span><a href=\"https:\/\/decrypt.co\/223582\/apple-chip-exploit-steals-crypto-what-you-need-know\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\"><span style=\"font-weight:400\">workaround<\/span><\/a><span style=\"font-weight:400\"> can alleviate the problem, but those trade performance for security.<\/span><\/p>\n<p class=\"font-meta-serif-pro scene:font-noto-sans scene:text-base scene:md:text-lg font-normal text-lg md:text-xl md:leading-9 tracking-px text-body gg-dark:text-neutral-100\"><i>Edited by <a href=\"https:\/\/decrypt.co\/author\/stacy\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\">Stacy Elliott<\/a> and <a href=\"https:\/\/decrypt.co\/author\/sebastian\" target=\"_blank\" class=\"sc-adb616fe-0 bJsyml\" rel=\"noopener\">Sebastian Sinclair<\/a><\/i><\/p>\n<div class=\"my-4 border-b border-decryptGridline\">\n<div class=\"text-start p-8 md:py-12 md:px-12 max-w-prose relative\"><span class=\"border-t-4 border-l-4 w-4 h-4 md:border-t-[6px] md:border-l-[6px] md:w-6 md:h-6 border-decryptPurple dark:border-decryptNeon gg-dark:border-cc-pink-2 absolute top-4 left-4 md:top-6 md:left-6\"\/><span class=\"border-t-4 border-l-4 w-4 h-4 md:border-t-[6px] md:border-l-[6px] md:w-6 md:h-6 border-decryptPurple dark:border-decryptNeon gg-dark:border-cc-pink-2 absolute rotate-180 bottom-4 right-4 md:bottom-6 md:right-6\"\/><\/p>\n<h3 class=\"font-akzidenz-grotesk font-bold text-xl md:text-3xl md:text-center gg-dark:text-white\">Daily Debrief<!-- --> Newsletter<\/h3>\n<p>Start every day with the top news stories right now, plus original features, a podcast, videos and more.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/decrypt.co\/293001\/apple-admits-to-security-vulnerability-that-leaves-crypto-users-exposed-heres-what-you-should-do\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple confirmed Monday its devices were left vulnerable to an exploit that allowed for remote malicious code execution through web-based JavaScript, opening up an attack vector that could have part &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=128904\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-128904","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/128904","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=128904"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/128904\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=128904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=128904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=128904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}