• Trust Wallet has identified a high-risk zero-day exploit in iMessage, potentially allowing unauthorized access without user interaction.
• A dark web entity is selling an exploit targeting iMessage, asking for $2 million, highlighting significant security concerns for iPhone users.
• Over 280 blockchain networks are susceptible to zero-day vulnerabilities, according to cybersecurity firm Halborn.

Trust Wallet, a leading unhosted digital wallet, has identified a severe threat to iPhone users, particularly those using iMessage. The company disclosed an ongoing investigation that uncovered a high-risk zero-day exploit being sold on the Dark Web, which poses a serious risk to users by potentially allowing attackers to infiltrate devices without any interaction from the victim.

Trust Wallet’s proactive surveillance of security threats led to the discovery of a dark web operator who claims the ability to compromise iPhones via an unpatched iMessage vulnerability. According to Trust Wallet, this exploit is particularly alarming as it does not require the target to click on a malicious link — a method commonly associated with many cyberattacks. The operator is reportedly soliciting $2 million for this capability, underscoring the potential severity and value of the exploit in criminal circles.

Over 280 blockchain networks are susceptible to zero-day vulnerabilities, possibly putting billions of dollars worth of cryptocurrencies at risk, according to cybersecurity firm Halborn. The warning from Trust Wallet emphasises the continuous requirement for strong security measures in the digital sphere.

A zero-day exploit is a type of cyberattack vector that preys on an undiscovered or unfixed security vulnerability in computer hardware, firmware, or software. “Zero days” describes a software or hardware issue where malevolent actors can already utilize it to get access to systems that are vulnerable, giving the vendor zero days to repair it.

Google found that 97 zero-day vulnerabilities were being used in the wild in 2023. That is still less than the record of 106 set in 2021, but it is more than 50% greater than in 2022. Google’s Threat Analysis Group (TAG) and Mandiant collaborated on the study for the first time, and the result was the publication of their fifth annual analysis of zero-day exploits in the wild today.

As digital security continues to be a critical concern for technology users worldwide, this incident highlights the importance of vigilance and proactive measures to safeguard personal and financial information. Trust Wallet’s disclosure aims to preempt potential attacks and encourage a swift response from Apple to close this dangerous security loophole.