The blockchain cybersecurity firm, CertiK, has reportedly been instrumental in uncovering critical security vulnerabilities in Apple’s latest iPhone operating system (iOS) update.
CertiK’s contributions were explicitly related to two security vulnerabilities in Apple’s iOS kernel, which were confirmed to affect the latest iOS devices. According to Apple’s official security update page, these vulnerabilities would have otherwise allowed an app to execute arbitrary code with kernel privileges.
Source: Apple
If exploited, the vulnerability allowing “an app to execute arbitrary code with kernel privileges” could potentially lead to a rogue application gaining high-level access to the system’s core or kernel. This level of access could allow the offending app to bypass security measures, manipulate system data, or even take control of the device.
In a worst-case scenario, this could lead to the theft of sensitive data, including personal information, financial details, or business intelligence. It could also allow the app to install malicious software, damage the system’s software, disrupt its operations, or use the device to launch attacks on other systems.
The consequences would be especially concerning for devices that handle sensitive data or transactions, such as cryptocurrency wallets. Hence, discovering and patching such vulnerabilities are critical in maintaining the security integrity of a device, safeguarding user data, and ensuring smooth operation.
Role of web3 in web2.
This achievement underscores how blockchain developers and security analysts are now emerging as crucial contributors to improving the security of web2 companies like Apple.
In an era where an increasing number of individuals worldwide rely on their smartphones for cryptocurrency wallets and other security-conscious applications, the devices must be resilient to security threats.
Certik stated that this latest discovery emphasizes the value of in-depth security research and proactive threat identification in web3 and highlights the importance of comprehensive, multi-layered security, extending “from the application layer down to the kernel layer.”
The acknowledgment from Apple serves is thus indicative of the increasing symbiosis between web2 and web3 companies, demonstrating that the expertise within the crypto world can extend benefits beyond its immediate domain and contribute to a broader digital security landscape.
CertiK enables 4,000 enterprise clients and has secured over $360 billion of digital assets, detecting nearly 70,000 vulnerabilities in blockchain code.