A significant portion of investors access exchanges through their mobile devices and store their DeFi wallet information there. While phones are private for everyone, 0day vulnerabilities can easily compromise this privacy. Due to a newly discovered system vulnerability, it is essential to update your device immediately.
Crypto Investors Beware
Another thing that can be as damaging as a privacy breach is the compromise of your crypto wallet. Since most investors store their private keys on their phones, this is not an unlikely scenario with these 0day vulnerabilities. However, attackers who gain access to your phone can easily take control of your assets on centralized exchanges.
A newly reported vulnerability is particularly relevant to crypto investors. Apple has announced today that it has patched the vulnerability that targeted iPhone and iPad users. The latest announcement stated:
“Apple is aware of a report that this issue may have been actively exploited in iOS versions prior to 16.6.”
Zero-day (CVE-2023-42824) is a vulnerability discovered in the XNU kernel.
Update Your Device
Apple has addressed the security issue in iOS 17.0.3 and iPadOS 17.0.3 with enhanced controls. However, Apple has not yet disclosed who discovered and reported the vulnerability. Apple also patched a vulnerability tracked as CVE-2023-5217, which stems from a stack buffer overflow in the VP8 encoding of the open-source libvpx video codec library and could allow arbitrary code execution with a successful exploit.
Fake alerts resembling system notifications are also being sent to users of older versions. It is crucial not to click on these notifications and upgrade your operating system to the latest version.
Clicking on links can pose various risks. For example, an attacker exploiting a vulnerability on any exchange through XSS vulnerabilities can obtain your login credentials simply by clicking on a link. They can also take advantage of different vulnerabilities to trigger a transaction on the exchange in your name. For all these reasons, if you store your crypto assets on your phone, you need to be even more cautious.
