CertiK urges OKX users to update the iOS app urgently due to significant security threat
CertiK, a blockchain security company, has issued an urgent advisory to users of the OKX wallet on iPhones after discovering a major security vulnerability in the iOS application.
In a post on X dated December 19, CertiK advised OKX wallet users on iPhones to immediately upgrade their app to the latest version. The security flaw found in the OKX iOS application posed a risk of compromising sensitive user data and cryptocurrency assets.
Earlier this month, CertiK identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, which could potentially lead to the compromise of sensitive data and crypto assets, according to the blockchain security firm.
In response, OKX released an update to their iOS application, version 6.45.0, on December 19, to address this vulnerability. CertiK later confirmed that the security issue had been resolved and assured users that no customer assets were affected by the vulnerability.
However, this incident has sparked a debate about the disclosure of vulnerabilities. Tay Monahan, the lead of MetaMask, criticized the timing of the vulnerability’s disclosure, suggesting that revealing the issue on the same day as the fix’s release could put many users at risk. Monahan pointed out that it usually takes weeks to months for a user base to update to the latest app version.
Furthermore, there was confusion regarding the version number of the update containing the fix. CertiK referred to the updated version as 6.46.0, while OKX mentioned version 6.45.0, which was actually released on December 11. The exact version that includes the necessary security fix remains unclear.
This incident highlights the vulnerability of cryptocurrency wallets and exchanges to cyber attacks. In recent months, there has been a surge in such incidents, including a $114 million theft from Poloniex in November, a $100 million heist involving HTX and the Heco cross-chain bridge, and a $35 million loss suffered by Atomic Wallet users in June following an iOS app update.
The continuous targeting of these platforms by hackers emphasizes the critical need for robust security measures in the cryptocurrency industry.