Highlights
- Trust Wallet warns of a zero-day iMessage exploit sold for $2 million in bitcoin.
- Security experts question the credibility of the source, CodeBreach Lab.
- Trust Wallet advises iOS users to disable iMessage as a precaution.
- No evidence of exploit effectiveness; Apple has not confirmed any vulnerabilities.
The cryptocurrency wallet app Trust Wallet, owned by Binance exchange, has caused concerns by warning iOS users about an alleged security vulnerability in Apple’s iMessage system.
However, the claims appear to be based on an unverified advertisement rather than credible evidence.
Trust Wallet’s Security Flaw
Due to this post getting a lot of views & comments, we thought we’d elaborate further for the community:
How did we come by this intel?
Trust Wallet is constantly monitoring multiple avenues for any and all security threats to our users, alongside security partners &… https://t.co/Z7vFtMENIp— Trust Wallet (@TrustWallet) April 15, 2024
In posts on social media, Trust Wallet stated it had “credible intel” about a zero-day exploit that could allow hackers to remotely access iPhones through iMessage without any user interaction required.
The company said this purported flaw was being advertised for sale on the dark web for $2 million in bitcoin.
Based on this claim, Trust Wallet advised iOS users to disable the iMessage application as a precaution until Apple releases a security patch to address the alleged issue.
The warning naturally sparked alarm among many iPhone owners concerned about being hacked.
However, upon closer inspection, the supposed “intel” appears to originate from an advertisement on a relatively unknown dark web site called CodeBreach Lab, which has no established reputation.
The advert makes the bold claim of offering a zero-click remote code execution exploit impacting the latest iOS version, but provides no proof to back this up.
Security experts have expressed skepticism, noting CodeBreach Lab’s obscure nature and complete lack of established credibility.
It seems highly likely the site’s “iMessage Exploit” listing is little more than an audacious scam attempt to trick people into paying an exorbitant sum.
While Trust Wallet may have been well-intentioned, it appears the company fell victim to fear-mongering hype rather than a genuine and verified security threat.
Apple has not acknowledged any active iMessage vulnerabilities, making this particular iOS scare story seem unfounded – at least for now.
FAQs
What did Trust Wallet claim about the iOS security flaw?
Trust Wallet claimed to have “credible intel” about a zero-day exploit in Apple’s iMessage that could allow remote access to iPhones without user interaction.
They cited an advertisement on a dark web site offering this exploit for sale.
How did Trust Wallet respond to the alleged iMessage security flaw?
Trust Wallet advised iOS users to disable iMessage until a security patch could be issued by Apple, citing concerns over user safety based on the information they believed was credible.
Where did the claim about the iMessage exploit originate?
The claim originated from an advertisement on CodeBreach Lab, a dark web site that lacks a reputable track record and is unknown to many in the cybersecurity community.
What are the concerns regarding the credibility of the iMessage exploit advertisement?
Security experts have expressed doubts about the legitimacy of the CodeBreach Lab and the iMessage exploit advertisement, considering it likely to be a scam due to the lack of proof and the site’s obscurity.
Has Apple commented on the alleged iMessage security flaw?
As of now, Apple has not acknowledged any vulnerabilities related to the claims made by Trust Wallet regarding a zero-day exploit in iMessage.
Also Read: iOS 17 features for iPhones, as per the latest leak