Buy CryptoMarketsSpotFuturesGOLDEarnEvent Centre
More
USD1 Genesis
The post Apple fixes the zero-day ImageIO: alert for crypto wallets appeared on BitcoinEthereumNews.com. Extraordinary updates for iOS, iPadOS, and macOS: a flaw in ImageIO allows remote code execution just by processing an image. Apple has released iOS/iPadOS 18.6.2 and updates for macOS, confirming exploits in the wild. The impact on user security is significant, especially for those managing wallet crypto. The industry analysts we collaborate with observe that decoding vulnerabilities like those in ImageIO are often used in targeted campaigns against high-value users (e.g., portfolio operators, journalists, managers). According to data collected from official security feeds and technical reports updated as of August 25, 2025, public information remains limited, and complete IOCs have not been made available. What we know so far (recently) The vulnerability, cataloged as CVE‑2025‑43300, affects the ImageIO framework, which handles the decoding of numerous graphic formats on iPhone, iPad, and Mac. In the security bulletin for iOS/iPadOS 18.6.2 (released on August 21, 2025), Apple specifies that the flaw has been corrected and that “it is aware of reports of active exploits”. An independent analysis by Qualys published the first technical details on August 21, 2025, judging the criticality as high. An interesting aspect is the breadth of the attack surface. In summary: the corrective updates were released on August 21, 2025; investigations continue and the exploit chain can be initiated by parsing an image file in zero‑click or near-zero scenarios. How the attack works The flaw is an out‑of‑bounds write type in ImageIO. A specially crafted image can corrupt memory and be exploited to execute arbitrary code with the privileges of the process handling it. The exact vector has not been publicly described, but the most plausible surfaces include: previews and automatic decoding of images in iMessage and in other messaging apps; image rendering in Safari and in the WebKit engine; file preview (Quick Look), Photo gallery, and notifications… The post Apple fixes the zero-day ImageIO: alert for crypto wallets appeared on BitcoinEthereumNews.com. Extraordinary updates for iOS, iPadOS, and macOS: a flaw in ImageIO allows remote code execution just by processing an image. Apple has released iOS/iPadOS 18.6.2 and updates for macOS, confirming exploits in the wild. The impact on user security is significant, especially for those managing wallet crypto. The industry analysts we collaborate with observe that decoding vulnerabilities like those in ImageIO are often used in targeted campaigns against high-value users (e.g., portfolio operators, journalists, managers). According to data collected from official security feeds and technical reports updated as of August 25, 2025, public information remains limited, and complete IOCs have not been made available. What we know so far (recently) The vulnerability, cataloged as CVE‑2025‑43300, affects the ImageIO framework, which handles the decoding of numerous graphic formats on iPhone, iPad, and Mac. In the security bulletin for iOS/iPadOS 18.6.2 (released on August 21, 2025), Apple specifies that the flaw has been corrected and that “it is aware of reports of active exploits”. An independent analysis by Qualys published the first technical details on August 21, 2025, judging the criticality as high. An interesting aspect is the breadth of the attack surface. In summary: the corrective updates were released on August 21, 2025; investigations continue and the exploit chain can be initiated by parsing an image file in zero‑click or near-zero scenarios. How the attack works The flaw is an out‑of‑bounds write type in ImageIO. A specially crafted image can corrupt memory and be exploited to execute arbitrary code with the privileges of the process handling it. The exact vector has not been publicly described, but the most plausible surfaces include: previews and automatic decoding of images in iMessage and in other messaging apps; image rendering in Safari and in the WebKit engine; file preview (Quick Look), Photo gallery, and notifications…

Apple fixes the zero-day ImageIO: alert for crypto wallets

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/08/26 04:28
5 min read
NEAR
NEAR$1.2374-2.45%
Gravity
G$0.003627+0.89%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

Extraordinary updates for iOS, iPadOS, and macOS: a flaw in ImageIO allows remote code execution just by processing an image.

Apple has released iOS/iPadOS 18.6.2 and updates for macOS, confirming exploits in the wild. The impact on user security is significant, especially for those managing wallet crypto.

The industry analysts we collaborate with observe that decoding vulnerabilities like those in ImageIO are often used in targeted campaigns against high-value users (e.g., portfolio operators, journalists, managers).

According to data collected from official security feeds and technical reports updated as of August 25, 2025, public information remains limited, and complete IOCs have not been made available.

What we know so far (recently)

The vulnerability, cataloged as CVE‑2025‑43300, affects the ImageIO framework, which handles the decoding of numerous graphic formats on iPhone, iPad, and Mac.

In the security bulletin for iOS/iPadOS 18.6.2 (released on August 21, 2025), Apple specifies that the flaw has been corrected and that “it is aware of reports of active exploits”.

An independent analysis by Qualys published the first technical details on August 21, 2025, judging the criticality as high. An interesting aspect is the breadth of the attack surface.

In summary: the corrective updates were released on August 21, 2025; investigations continue and the exploit chain can be initiated by parsing an image file in zero‑click or near-zero scenarios.

How the attack works

The flaw is an out‑of‑bounds write type in ImageIO. A specially crafted image can corrupt memory and be exploited to execute arbitrary code with the privileges of the process handling it. The exact vector has not been publicly described, but the most plausible surfaces include:

  • previews and automatic decoding of images in iMessage and in other messaging apps;
  • image rendering in Safari and in the WebKit engine;
  • file preview (Quick Look), Photo gallery, and notifications with multimedia content.

This makes the attack potentially zero‑interaction, a rare and, it must be said, dangerous combination on mobile platforms.

Why crypto wallets are particularly exposed

Attackers often focus on user behaviors. Screenshots of seed phrase, private keys, or QR codes stored in the camera roll can be extracted with OCR and recognition tools.

If the exploit allows access to local data or bypasses permissions, the transition from the device to the funds can be very rapid. In this context, elements that increase the risk are:

  • storage of recovery phrases in photos or notes with images;
  • app with extended access to the gallery;
  • clipboard that retains keys and seed longer than necessary.

Technical data in brief

  • CVE: CVE‑2025‑43300
  • Component: ImageIO (image decoding)
  • Type of bug: out‑of‑bounds write (memory corruption)
  • Impact: execution of arbitrary code potentially without interaction
  • Platforms involved: iOS, iPadOS, macOS
  • Correct versions: iOS/iPadOS 18.6.2; updates for macOS in distribution (Apple Support)
  • Exploitation status: exploited in targeted attacks (confirmed by Apple in the bulletin of August 21, 2025)
  • Criticality: high according to the analysis by Qualys (published on August 21, 2025)

How to understand if you have been hit

At the moment, there are no specific public Indicators of Compromise (IOC) for CVE‑2025‑43300. However, some prudent signals and checks include:

  • anomalous or repeated crashes of Messages, Safari, Photos, or preview processes;
  • requests for access to Photos from apps that normally should not need them;
  • unusual network activity from gallery or messaging apps when they are inactive;
  • presence of unknown configuration profiles in Settings > General > VPN and device management;
  • check the diagnostic logs in Settings > Privacy and security > Analysis and improvements > Analysis data, looking for crashes related to ImageIO.

In the absence of public IOCs, the priority remains the installation of updates and the reduction of exposure of sensitive data. It must be said that isolated clues are not enough to confirm a compromise.

Priority Measures (5 Essential Actions)

  • Install security updates: Apple indicates iOS/iPadOS 18.6.2 and updates for macOS as corrective releases for CVE‑2025‑43300. See the practical guide to update the device: How to update iOS/iPadOS.
  • Limit access to Photos: grant apps only “Selected Photos” access and revoke unnecessary permissions.
  • Remove seed and keys from images: delete screenshots of recovery phrases, keys, or QR codes from the camera roll; it is preferable to use offline supports or solutions documented in our guide on cold storage (Cold wallet: practical guide).
  • Use cold storage for significant amounts: keeping private keys off connected devices reduces the impact of potential compromises.
  • Manage the clipboard: avoid copying seed/keys, frequently clear the clipboard, and disable universal paste if not necessary.

Context and implications for Apple users

In recent months, several zero-day vulnerabilities have been fixed on iOS and macOS. Even when the fix arrives quickly, the distribution and installation times open a window of risk.

For those who safeguard digital assets, the most prudent approach combines timely updates with practices of data-minimization and key segregation. In this context, permission management remains central.

Quick FAQ

When is it convenient to install the update?

As soon as available for your device. Apple reports active exploits (bulletin of August 21, 2025), so the patch is among the current security priorities.

Is the update enough to protect the wallets?

Substantially reduces the risk related to CVE‑2025‑43300, but the protection of funds also requires the removal of seed/keys from the camera roll, more restrictive app permissions, and, for significant amounts, the use of cold wallet.

Which devices are affected?

All Apple devices that process images via ImageIO: iPhone and iPad (iOS/iPadOS) and Mac (macOS). Check in Settings > Software Update for the availability of the latest version.

Sources and insights

Editorial note: at the moment, the Apple bulletin does not publicly display an official CVSS score nor the specific macOS build numbers for all variants; detailed IOCs or the names of the researchers who reported the flaw have not been released. We will update this section as soon as new official publications are available (last content check: August 25, 2025).

Source: https://en.cryptonomist.ch/2025/08/25/apple-fixes-the-zero%E2%80%91day-imageio-cve%E2%80%912025%E2%80%9143300-code-execution-from-images-alert-for-crypto-wallets/

Market Opportunity
NEAR Logo
NEAR Price(NEAR)
$1.2374
$1.2374$1.2374
-3.27%
USD
NEAR (NEAR) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025

Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025

BitcoinWorld Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025 Are you ready to witness a phenomenon? The world of technology is abuzz with the incredible rise of Lovable AI, a startup that’s not just breaking records but rewriting the rulebook for rapid growth. Imagine creating powerful apps and websites just by speaking to an AI – that’s the magic Lovable brings to the masses. This groundbreaking approach has propelled the company into the spotlight, making it one of the fastest-growing software firms in history. And now, the visionary behind this sensation, co-founder and CEO Anton Osika, is set to share his invaluable insights on the Disrupt Stage at the highly anticipated Bitcoin World Disrupt 2025. If you’re a founder, investor, or tech enthusiast eager to understand the future of innovation, this is an event you cannot afford to miss. Lovable AI’s Meteoric Ascent: Redefining Software Creation In an era where digital transformation is paramount, Lovable AI has emerged as a true game-changer. Its core premise is deceptively simple yet profoundly impactful: democratize software creation. By enabling anyone to build applications and websites through intuitive AI conversations, Lovable is empowering the vast majority of individuals who lack coding skills to transform their ideas into tangible digital products. This mission has resonated globally, leading to unprecedented momentum. The numbers speak for themselves: Achieved an astonishing $100 million Annual Recurring Revenue (ARR) in less than a year. Successfully raised a $200 million Series A funding round, valuing the company at $1.8 billion, led by industry giant Accel. Is currently fielding unsolicited investor offers, pushing its valuation towards an incredible $4 billion. As industry reports suggest, investors are unequivocally “loving Lovable,” and it’s clear why. This isn’t just about impressive financial metrics; it’s about a company that has tapped into a fundamental need, offering a solution that is both innovative and accessible. The rapid scaling of Lovable AI provides a compelling case study for any entrepreneur aiming for similar exponential growth. The Visionary Behind the Hype: Anton Osika’s Journey to Innovation Every groundbreaking company has a driving force, and for Lovable, that force is co-founder and CEO Anton Osika. His journey is as fascinating as his company’s success. A physicist by training, Osika previously contributed to the cutting-edge research at CERN, the European Organization for Nuclear Research. This deep technical background, combined with his entrepreneurial spirit, has been instrumental in Lovable’s rapid ascent. Before Lovable, he honed his skills as a co-founder of Depict.ai and a Founding Engineer at Sana. Based in Stockholm, Osika has masterfully steered Lovable from a nascent idea to a global phenomenon in record time. His leadership embodies a unique blend of profound technical understanding and a keen, consumer-first vision. At Bitcoin World Disrupt 2025, attendees will have the rare opportunity to hear directly from Osika about what it truly takes to build a brand that not only scales at an incredible pace in a fiercely competitive market but also adeptly manages the intense cultural conversations that inevitably accompany such swift and significant success. His insights will be crucial for anyone looking to understand the dynamics of high-growth tech leadership. Unpacking Consumer Tech Innovation at Bitcoin World Disrupt 2025 The 20th anniversary of Bitcoin World is set to be marked by a truly special event: Bitcoin World Disrupt 2025. From October 27–29, Moscone West in San Francisco will transform into the epicenter of innovation, gathering over 10,000 founders, investors, and tech leaders. It’s the ideal platform to explore the future of consumer tech innovation, and Anton Osika’s presence on the Disrupt Stage is a highlight. His session will delve into how Lovable is not just participating in but actively shaping the next wave of consumer-facing technologies. Why is this session particularly relevant for those interested in the future of consumer experiences? Osika’s discussion will go beyond the superficial, offering a deep dive into the strategies that have allowed Lovable to carve out a unique category in a market long thought to be saturated. Attendees will gain a front-row seat to understanding how to identify unmet consumer needs, leverage advanced AI to meet those needs, and build a product that captivates users globally. The event itself promises a rich tapestry of ideas and networking opportunities: For Founders: Sharpen your pitch and connect with potential investors. For Investors: Discover the next breakout startup poised for massive growth. For Innovators: Claim your spot at the forefront of technological advancements. The insights shared regarding consumer tech innovation at this event will be invaluable for anyone looking to navigate the complexities and capitalize on the opportunities within this dynamic sector. Mastering Startup Growth Strategies: A Blueprint for the Future Lovable’s journey isn’t just another startup success story; it’s a meticulously crafted blueprint for effective startup growth strategies in the modern era. Anton Osika’s experience offers a rare glimpse into the practicalities of scaling a business at breakneck speed while maintaining product integrity and managing external pressures. For entrepreneurs and aspiring tech leaders, his talk will serve as a masterclass in several critical areas: Strategy Focus Key Takeaways from Lovable’s Journey Rapid Scaling How to build infrastructure and teams that support exponential user and revenue growth without compromising quality. Product-Market Fit Identifying a significant, underserved market (the 99% who can’t code) and developing a truly innovative solution (AI-powered app creation). Investor Relations Balancing intense investor interest and pressure with a steadfast focus on product development and long-term vision. Category Creation Carving out an entirely new niche by democratizing complex technologies, rather than competing in existing crowded markets. Understanding these startup growth strategies is essential for anyone aiming to build a resilient and impactful consumer experience. Osika’s session will provide actionable insights into how to replicate elements of Lovable’s success, offering guidance on navigating challenges from product development to market penetration and investor management. Conclusion: Seize the Future of Tech The story of Lovable, under the astute leadership of Anton Osika, is a testament to the power of innovative ideas meeting flawless execution. Their remarkable journey from concept to a multi-billion-dollar valuation in record time is a compelling narrative for anyone interested in the future of technology. By democratizing software creation through Lovable AI, they are not just building a company; they are fostering a new generation of creators. His appearance at Bitcoin World Disrupt 2025 is an unmissable opportunity to gain direct insights from a leader who is truly shaping the landscape of consumer tech innovation. Don’t miss this chance to learn about cutting-edge startup growth strategies and secure your front-row seat to the future. Register now and save up to $668 before Regular Bird rates end on September 26. To learn more about the latest AI market trends, explore our article on key developments shaping AI features. This post Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025 first appeared on BitcoinWorld.
Share
Coinstats2025/09/17 23:40
Polygon’s Giugliano Hardfork Signals a Stability Push After a Rough 2025

Polygon’s Giugliano Hardfork Signals a Stability Push After a Rough 2025

The post Polygon’s Giugliano Hardfork Signals a Stability Push After a Rough 2025 appeared on BitcoinEthereumNews.com. The Polygon Foundation confirmed the Giugliano
Share
BitcoinEthereumNews2026/04/07 13:31
Pi Network Completes First KYC Rewards Distribution

Pi Network Completes First KYC Rewards Distribution

The Pi Network has completed its first KYC validator rewards distribution. This marks an important step in its long-running mainnet rollout. The rewards cover a
Share
Coinfomania2026/04/07 13:22

Trending News

More

Exclusive interview with Smokey The Bera, co-founder of Berachain: How the innovative PoL public chain solves the liquidity problem and may be launched in a few months

Gold Hits $3,700 as Sprott’s Wong Says Dollar’s Store-of-Value Crown May Slip

SoFi is launching a 24/7 banking hub that blends traditional cash with crypto

[Vantage Point] What Robinsons Retail’s delisting signals about the Philippine market

The growth of crypto betting in the digital economy

24/7 Live News

More

Gold $XAU breaks 3-year trend, potential implications for XAUT market dynamics.

Author: Solid 堅固 ⬡15:32

LINK listed among top 10 DeFi projects by development activity last month.

Author: Nehal13:42

Study mentions $RIVER and $ION, suggesting potential market interest or analysis focus.

Author: 𝑾𝒐𝒓𝒚𝒊𝒏13:11

Ethereum spot ETFs saw $120.2M inflow; BlackRock clients contributed $60.8M.

Author: DustyBC Crypto12:46

MON token staked with Nansen shows 54% gain from CB token sale.

Author: Alex Svanevik 🐧12:24

Crypto Prices

Bitcoin Logo

Bitcoin

BTC

$68,674.83
$68,674.83$68,674.83

-1.83%

Ethereum Logo

Ethereum

ETH

$2,102.98
$2,102.98$2,102.98

-2.84%

Solana Logo

Solana

SOL

$79.81
$79.81$79.81

-2.99%

USDCoin Logo

USDCoin

USDC

$1.0000
$1.0000$1.0000

+0.01%

XRP Logo

XRP

XRP

$1.3131
$1.3131$1.3131

-2.75%

$30,000 in PRL + 15,000 USDT

$30,000 in PRL + 15,000 USDT$30,000 in PRL + 15,000 USDT

Deposit & trade PRL to boost your rewards!