This vulnerability poses risks that could lead to the theft of digital assets and sensitive information. In his statement on November 19, Zhao urged users to update their systems immediately.

These vulnerabilities, which also affect iPhone and iPad devices, are actively exploited on Mac systems. This prompted Apple to issue emergency security patches.

“If you are using an Intel-based MacBook, update now!” Zhao stated that sensitive data, especially of crypto investors, may be at risk. This warning to the crypto community once again emphasized the importance of users making timely security updates.

Zero-day vulnerabilities are bugs that hackers discover in a software and exploit before a patch is released. Its name comes from the fact that developers have “zero days” to solve these problems. In this process, users remain vulnerable and are at risk unless they update their systems.

According to Apple’s reports, these vulnerabilities, tracked as CVE-2024-44308 and CVE-2024-44309, affect the JavaScriptCore and WebKit components of macOS Sequoia. Hackers can use these vulnerabilities to run malicious code and conduct cross-site scripting attacks.

These attacks allow attackers to inject malicious scripts into trusted sites or applications. When users unknowingly visit these sites, their sessions may be hijacked, sensitive information may be stolen, or they may be redirected to malicious sites.

Crypto investors have suffered serious losses due to similar vulnerabilities in the past. Most often, such exploits were used to steal wallet information, conduct phishing attacks and capture private keys.

Apple stated that one of these vulnerabilities was caused by a cookie management issue and was resolved with “improved state management.” Another vulnerability was closed using “improved controls.”

These vulnerabilities were discovered by Google’s Threat Analysis Group (TAG). TAG is known for investigating government-sponsored cyberattacks. This led to speculation that these attacks may have been carried out by state-sponsored actors.

Apple stated that these vulnerabilities were “actively exploited” but did not make a clear statement about the extent of the attacks. Apple users have faced similar risks several times this year.

For example, on November 12, North Korean hackers launched attacks containing crypto-focused malware, bypassing Apple’s security measures on older macOS versions.

No matter how stringent Apple’s security measures are, attackers continue to specifically target crypto investors.

For example, in April, Trust Wallet warned about a zero-day vulnerability in Apple’s iMessage framework. This vulnerability allowed attackers to infiltrate iPhones without user interaction.

Another vulnerability discovered in Apple’s M series chips in March could have caused the cryptographic keys stored in the processor’s cache to be compromised.

Attackers also infiltrated the App Store several times and published fake crypto wallets and exchange applications. These applications aimed to capture users’ digital assets.

Although it is stated that these vulnerabilities have been closed with Apple’s latest security updates, users are advised to update their systems immediately and take extra security measures. Especially for crypto investors, it is of great importance to keep devices updated and use only reliable applications.