Trust Wallet, a prominent crypto wallet provider, has issued an urgent advisory to iOS users, warning them of a potential high-risk zero-day exploit targeting Apple’s iMessage application. The firm claims that the exploit, which is allegedly being sold on the dark web for $2 million, can infiltrate and take control of iPhones without requiring users to click on a link.
TLDR
- Trust Wallet has warned iOS users of a high-risk zero-day exploit targeting iMessage, which can allegedly infiltrate iPhones without users clicking on a link.
- The exploit is reportedly being sold on the dark web for $2 million, with high-value targets being most at risk.
- Some industry experts have expressed skepticism about the authenticity of the alleged exploit, arguing that the evidence provided by Trust Wallet is insufficient.
- Apple has recently released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones.
- iMessage has been used as an attack vector for hackers in previous events, according to security researchers at Kaspersky.
According to Trust Wallet, the spread of this exploit is currently estimated to be limited to iOS devices, though it may be replicated on more platforms. The company’s CEO, Eowyn Chen, shared a screenshot of the supposed exploit being sold on the dark web, further emphasizing the potential threat.
Threat intel detected an iOS iMessage zero-day exploit for sale in the Dark Web. It is a zero click exploit to take over control of the phone via iMessages. Its asking price is $2M. This would make sense for very high value individual targets, as more the zero-day is used,… https://t.co/KTKgW6uCuv pic.twitter.com/6ULRgVSxjc
— Eowync.eth (@EowynChen) April 15, 2024
However, the authenticity of the alleged zero-day exploit has been met with skepticism from several industry experts. Pseudonymous blockchain researcher Beau criticized the evidence provided by Trust Wallet, arguing that a screenshot of someone claiming to have an exploit does not constitute credible evidence. When asked whether it’s better to be “safe than sorry,” Beau stressed that Trust Wallet’s alert could cause panic-induced harm.
Despite the skepticism, Trust Wallet’s post on X garnered significant attention, with more than 1.2 million users viewing the alert within the first four hours of its posting. In response to another skeptical comment from crypto analyst foobar, Trust Wallet revealed that its intel was sourced from its “security team and partners” who constantly check for threats.
This alleged zero-day exploit threat comes on the heels of Apple releasing emergency security updates last month to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. According to security researchers at Kaspersky, Apple’s iMessage application has been used as an attack vector for hackers in previous events.
As the crypto community grapples with the potential threat of this alleged zero-day exploit, it is crucial for users to remain vigilant and take necessary precautions to protect their digital assets.
While the authenticity of the exploit remains in question, the importance of robust cybersecurity measures cannot be overstated in an increasingly digital world.