Apple fixes iOS flaw that threatened cryptocurrency wallets

• Apple Releases iOS Patch to Secure Cryptocurrency Wallets
• ImageIO zero-day flaw allowed code execution
• Spyware could steal seed phrases and transaction addresses

Apple launched critical updates to fix a zero-day vulnerability in their systems, including iOS 18.6.2, iPadOS 18.6.2, and recent versions of macOS. The flaw was in the ImageIO component, responsible for parsing common image formats, and allowed malicious files to corrupt memory, enabling remote code execution.

Company confirmed that the exploit had already been used in sophisticated attacks against specific targets. Listed as CVE-2025-43300, the flaw resulted from an out-of-bounds write, which Apple patched with more stringent security checks.

The risk to the cryptocurrency sector is straightforward. Many users store wallet seed phrases in screenshots or photo galleries, and copy and paste recipient addresses into transactions. Recent research has highlighted that spyware such as SparkCat and SparkKitty exploit OCR to identify recovery phrases in images, on both iOS and Android.

According to security experts , a malicious image-based attack could open the door to access wallet data, monitor financial applications, and even hijack the clipboard, replacing destination addresses during on-chain transfers. This technique is already used in fund-draining schemes, in which the attacker silently redirects funds.

Similar cases have been documented in previous years. In 2023, Citizen Lab revealed the Blastpass attack chain, which used image and message parsing vulnerabilities to install commercial spyware without any user interaction. The pattern is now repeating itself, with Apple acknowledging ongoing attacks before the patch was released.

The impact affects iPhone XS or newer, iPads compatible with iPadOS 18, and Macs running Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8. Security agencies recommend that users update immediately and restart their devices to activate the patches.

Experts also reinforce best practices for cryptocurrency users, such as avoiding storing recovery phrases in photos, reviewing app permissions with image access, limiting clipboard usage, and adopting mobile wallets with more rigorous operational security.