Kaspersky Lab Experts: Vulnerabilities in iOS and macOS Put Users’ Cryptos At Risk
Kaspersky Lab experts have reported two critical vulnerabilities in Apple’s operating systems that allow an attacker to gain superuser privileges on a victim’s device.
The first exploit is in WebKit, the browser engine used for web page rendering. This makes it possible for an iPhone, iPad or Mac to be infected without any action on the part of the user, just by visiting a malicious site.
The second vulnerability in the IOSurfaceAccelerator object enables attackers to execute code with kernel permissions, thus granting them full control over the device.
Colin Wu has emphasized that this could compromise users’ crypto assets.
To address the vulnerabilities, Apple has released updates for the latest and several previous versions of its operating systems.
Kaspersky Lab believes that these exploits are actively used to install spyware. In March, malicious versions of some macOS programs were discovered to contain a hidden Monero miner.
