Technology Updates: Apple’s new iPhone 17 makes signing safer for frequent crypto users

Source:

https://cointelegraph.com/news/iphone-17-memory-protection-boosts-crypto-security?utm_source=rss_feed&utm_medium=rss&utm_campaign=rss_partner_inbound

ChatGPT:

Apple’s newly launched iPhone 17 introduces Memory Integrity Enforcement (MIE), a security upgrade designed to protect frequent crypto users from sophisticated cyberattacks. The system, enabled by default, applies Enhanced Memory Tagging Extension (EMTE)-style protections that detect and block unsafe memory access, such as out-of-bounds and use-after-free errors. These vulnerabilities account for nearly 70% of software flaws and are a common entry point for zero-day exploits targeting crypto wallets and Passkey approvals.

Cybersecurity firm Hacken highlighted that MIE “meaningfully” reduces risks by preventing attackers from hijacking signing code. By applying protections across both kernel and user-level processes, the system makes spyware and exploit development more difficult and expensive. Hacken noted that the feature directly benefits crypto wallet apps and Passkey flows, particularly for high-net-worth individuals or frequent signers.

Still, Apple’s MIE is not a cure-all. It does not address phishing, social engineering, malicious websites, or compromised applications. Users are urged to remain vigilant, as MIE complements but does not replace secure hardware wallets or basic security hygiene.

The upgrade comes amid rising threats to Apple’s crypto community. Just last month, a zero-click exploit was discovered that could compromise iPhones, iPads, and Macs without user interaction, prompting Apple to issue emergency patches. Earlier this year, Kaspersky reported malicious SDKs in app stores scanning photo galleries for wallet recovery phrases, while Trust Wallet previously warned users to disable iMessage due to an active zero-day threat.

By raising the difficulty and cost of attacks, iPhone 17’s MIE significantly improves baseline defenses for crypto users, but experts caution that layered security and user awareness remain essential.

Investing Updates: Ledger CTO warns users to halt onchain transactions amid massive NPM supply chain attack

Source:

https://www.theblock.co/post/369893/ledger-warns-halt-onchain-transactions-massive-npm-supply-chain-attack

ChatGPT:

Ledger’s Chief Technology Officer Charles Guillemet has urged crypto users to exercise extreme caution following what experts describe as one of the largest supply chain attacks in history. The incident stems from the compromise of an NPM account belonging to a reputable developer, with malicious code embedded in popular JavaScript packages that collectively have been downloaded more than one billion times.

Guillemet explained that the injected code silently swaps cryptocurrency addresses, redirecting funds to attackers without user awareness. This method, he warned, could endanger countless websites and applications — including crypto projects that rely heavily on JavaScript dependencies. Developers such as @0xCygaar and @0x_ultra highlighted that widely used packages like Chalk and its dependencies were impacted, noting billions of weekly downloads.

While the packages were reportedly patched around 15:15 UTC and NPM has disabled compromised versions, concerns remain that some website frontends could still be vulnerable. The package maintainer confirmed their account was hijacked after receiving a phishing email impersonating npmjs.com. Attackers threatened account lockouts to pressure maintainers into clicking malicious links.

Guillemet emphasized that users of hardware wallets like Ledger with “clear signing” are safe, provided they verify each transaction before approval. Those relying solely on software wallets are advised to halt onchain transactions temporarily.

The attack recalls earlier high-profile thefts, such as the $1.5 billion drained from Bybit by North Korean hackers, underscoring the crypto industry’s ongoing exposure to sophisticated exploits. Developers are urged to audit dependencies immediately and ensure their applications have not pulled compromised updates.

Though mitigations are underway, security experts caution that vigilance is crucial until the full extent of the attack is confirmed.

Technology Updates : Hardware wallet Ledger helps competitor Trezor resolve security vulnerability

Source : 

https://cointelegraph.com/news/trezor-resolves-security-flaw-identified-by-ledger

Apple Intelligence : 

• Security Flaw Discovered: Ledger’s open-source research arm discovered a security vulnerability in Trezor’s Safe 3 and 5 models.

• Vulnerability Details: Cryptographic operations could be performed on the microcontroller, potentially making the devices vulnerable to advanced attacks.

• Patch Implemented: Trezor has patched the vulnerability, addressing the security flaw found by Ledger.

• Trezor Security Issue: Ledger demonstrated a vulnerability in Trezor’s firmware integrity check, allowing attackers to bypass it.

• Trezor’s Response: Trezor confirmed the issue was resolved but didn’t disclose the method used. They also stated that user funds remained safe and no action was required.

• Ledger’s Security Breaches: Ledger has also faced security breaches, including a hacker stealing $484,000 worth of crypto assets in December 2023 and another threat actor publishing the mailing addresses of 270,000 customers in June 2020.

Investing Updates: Polymarket Blocked in Singapore: Prediction Market Faces Fresh Scrutiny

URL: https://www.blockhead.co/2025/01/07/polymarket-blocked-in-singapore-prediction-market-faces-fresh-scrutiny/

Gemini Summarized:

• Polymarket Blocked: The Singapore Police Force has blocked Polymarket, a prediction market platform, labeling it an "illegal gambling site."

• Regulatory Crackdown: This action comes amidst a crackdown on unlicensed gambling platforms in Singapore.

• Enforcement Shift: The Singapore Police Force now oversees enforcement, previously handled by the Gambling Regulatory Authority (GRA).

• Polymarket's Model: Polymarket allows users to bet on world events using cryptocurrency. It has faced regulatory challenges before, including a settlement with the U.S. Commodity Futures Trading Commission.

• Regulatory Concerns: The Singapore ban raises questions about the distinction between prediction markets and gambling.

• Broader Implications: This case highlights the challenges of regulating blockchain-based platforms and the evolving regulatory landscape for prediction markets globally.

Technology Updates : Passkeys

URL: https://9to5mac.com/2024/10/14/new-passkeys-import-export/

OpenAI:

Here are the 5 key points from the article on 9to5Mac about new passkey import/export specifications:

• New Specifications: The FIDO Alliance has introduced new specifications allowing users to import and export passkeys.

• User Choice: The new features aim to promote user choice by enabling passkey transfers between different password managers.

• Current Limitations: Currently, there is no secure way to move passkeys between password managers like Apple's Passwords app and 1Password.

• Credential Exchange Protocol: The draft specifications establish the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) for transferring passkeys.

• Enhanced Security: The new specifications ensure that passkeys can be transferred while maintaining encryption.

My Thoughts:

This is an important development in IT security.

Need a seamless way to port passwords securely with so many things in life being digitally dependent.