Apple Rushes Emergency Patches for Crypto-Stealing Vulnerability
Cybercriminals continue to find new and unexpected ways to target crypto users. Each new episode of this long digital series redraws the contours of technological paranoia. The latest discovery? A simple image file. Yes, a doctored photo. Enough to compromise your iPhone and drain your crypto without any user action. The target? Everyone who uses Apple products… but especially, everyone who stores their wallet keys in unexpected places. Fortunately, an emergency update has been released to try to patch the breaches.
In brief
- An ImageIO vulnerability allowed code execution via image, no user click needed.
- Apple published urgent patches covering iOS, macOS and iPadOS against this threat.
- Malwares exploit photo galleries to steal recovery phrases and wallet QR codes.
- Experts recommend switching to a cold wallet and restricting access to sensitive photos.
When Apple becomes the weak link in your security
Urgency signaled in November: an Apple vulnerability endangered your cryptos . It was in response to this threat that, on August 20, 2025, Apple published a series of patches for iOS, iPadOS, and macOS, targeting a critical vulnerability referenced CVE-2025-43300 . This vulnerability in ImageIO allowed a malicious image to corrupt the device’s memory. No click required. No opening necessary.
Apple acknowledged the existence of a highly sophisticated attack targeting specific individuals.
Even more worrying, image processing could be triggered automatically via iMessage or web content.
The affected versions:
- iOS 18.6.2 / iPadOS 18.6.2;
- macOS Ventura 13.7.8 ;
- macOS Sonoma 14.7.8;
- macOS Sequoia 15.6.1.
The CVSS score of the bug: 8.8/10. Crypto then becomes easy prey for malicious actors, and mobile wallet holders are on the front line.
When your photo gallery turns into a target for crypto theft
For a few years now, we know cybercriminals never sleep. But now, they innovate. Tools like SparkCat or SparkKitty use OCR to read your images. Their favorite target? Recovery phrases, crypto wallet QR codes, copied/pasted addresses.
An infected image serves as an anchor point. Then, everything becomes possible: accessing the gallery, reading photos, scrutinizing the clipboard.
Some cybersecurity researchers, like Juliano Rizzo from Coinspect, pointed out that the danger comes as much from the vulnerability as from our bad habits . Storing your recovery phrase in a screenshot or visible image is giving malwares a royal road to your assets. At that point, it’s no longer hacking—it’s simply harvesting what users left exposed. Malicious tools just have to extract what you left in plain sight.
The precedent with Blastpass in 2023 had already shown that an image vulnerability could trigger attacks without clicks. The pattern repeats.
Moral of the story? If your cryptos sleep on an Apple mobile, it’s time for a thorough check: photo permissions, clipboard access, and especially… cold wallet.
What this Apple vulnerability really hides
The ImageIO vulnerability is only the tip of the iceberg. This critical bug, exploited without a click, illustrates a deeper problem: the digital passivity into which we settle. On iOS, some images are automatically processed upon receipt. A convenient feature that, in this case, created an entry point for attackers.
Apple remains silent about the exact vector, but experts suspect automatic processing via iMessage or Safari. And while we talk about crypto, the entire ecosystem becomes a battleground. Every vulnerability, every user behavior becomes an opportunity.
Juliano Rizzo from Coinspect reminds that the absence of user action is what makes this kind of attack so formidable. When a device works for you… it can also work against you.
And if we look at the 2025 figures, the trend is far from reassuring.
What the 2025 figures reveal:
- 7 zero-day vulnerabilities detected on Apple products;
- 16 billion passwords leaked in a single breach;
- 30 databases massively compromised;
- 70% of recovered credentials still active according to CyberNews.
Everything is (temporarily) under control, but the lull fools no one. While this crypto attack was contained thanks to updates, other fronts are opening. A recent leak exposed more than 16 billion passwords , affecting Apple, Google, Facebook. Proof that ingenuity is not only found among coders… but also among those who collect your traces to better strip you.
