Apple publishes emergency fixes against a flaw exploited to steal cryptos

What unbridled imagination for those who covet our cryptos! Each new episode of this long digital series redraws the contours of technological paranoia. The last find? A simple image file. Yes, a tank photo. Enough to transform your iPhone into Cryptos colander without you breaking your finger. The target? All those who use Apple products … But above all, all those who store their Wallet keys in unexpected places. Fortunately, an emergency update was launched to try to clog the breaches.

When Apple becomes the weak link in your safety

Emergency reported in November: an Apple flaw put your cryptos in danger. It is in response to this threat that, on August 20, 2025, Apple published a series of fixes for iOS, iPados and MacOS, aimed CVE-2025-43300. This vulnerability in Imageio allowed a malicious image to corrupt the memory of the device. No click required. No opening necessary.

Apple recognized the existence of an extremely sophisticated attack that has targeted specific individuals.

Even more worrying, image processing could be triggered automatically via iMessage or web content.

The affected versions:

• iOS 18.6.2 / iPados 18.6.2;
• MacOS Ventura 13.7.8 ;
• MacOS Sonoma 14.7.8;
• MacOS Sequoia 15.6.1.

The Bug CVSS score: 8.8/10. The crypto then becomes easy prey for malicious actors, and portfolio holders on mobile are on the front line.

Selfie cryptos: when your gallery becomes a piratable safe

In recent years, we know that cybercriminals never sleep. But there they innovate. Tools like Sparkcat or Sparkkitty use the OCR to read your images. Their favorite target? Recovery sentences, Wallet Crypto QR codes, copied/glued addresses.

An infected image serves as an anchoring point. Then, everything becomes possible: access the gallery, read the photos, scrutinize the clipboard.

Some cybersecurity researchers, such as Juliano Rizzo de Coins Respect, stressed that The danger comes as much from the flaw as from our bad habits. Storing your recovery sentence in a screenshot or a visible image is to offer malware a royal road to your assets. It is no longer a piracy, but a simple pickup. The malicious tools have to extract what you have left in evidence.

The previous one with Blastpass in 2023 had already shown that an image flaw could trigger attacks without click. The model is repeated.

Morality of history? If your cryptos sleep on an Apple mobile, it's time for the big revision: photo permissions, clipboard access, and above all … Cold Wallet.

What this Apple fault really hides

The Faille Imageio is only the emerged part of the iceberg. This critical bug, exploited without click, illustrates a deeper problem: the digital passivity in which we settle. On iOS, some images are automatically processed upon receipt. A practical function … until it becomes a bridge for attackers.

Apple keeps silence on the exact vector, but experts suspect automatic processing via iMessage or Safari. And while we are talking about crypto, it is the whole ecosystem that becomes an attack ground. Each flaw, each user behavior becomes an opportunity.

Juliano Rizzo de Coins Respect recalls that the lack of user's action is what makes this type of attack formidable. When a device works for you … it can also work against you.

And if we look at the figures for 2025, the trend is far from reassuring.

What the figures of 2025 reveal:

• 7 ZERO-DAY faults detected on Apple products;
• 16 billion leaky passwords in a single leak;
• 30 massively compromised databases;
• 70 % of the identifiers recovered still active according to Cybernews.

Everything is (temporarily) under control, but the lull does not deceive anyone. While this crypto attack was contained thanks to the updates, other fronts open. A recent Leak has exhibited more than 16 billion passwords, affecting Apple, Google, Facebook. The proof that ingenuity is not only among coders … but also among those who collect your traces to better strip you.