🚨 CRITICAL 🚨 Trust wallet claims malicious vulnerability in iOS

[taufik123]

Looking at the Twitter(X) homepage, I found a warning from Trust wallet that there is a vulnerability found in iOS.

Trust Wallet claims a high-risk exploit targeting iMessage is available on the Dark Web.

The exploit could infiltrate an iPhone without the user having to click on the link.

WHAT TO DO: Turn off iMessage immediately.

Navigate to Settings -> Messages -> turn off iMessage.
Keep it until Apple issues a security patch.



https://twitter.com/TrustWallet/status/1779961167537979775

[FinneysTrueVision]

After looking at this tweet, it doesn’t seem like this vulnerability is actively being exploited and may not even be real.
https://twitter.com/EowynChen/status/1779968264510050731

Somebody on the dark web is asking for $2 million in BTC for this exploit, which they claim will allow somebody to take control over someone’s iPhone. If an exploit is worth that much money you would think the seller might be better off keeping it a secret and getting rich by exploiting the vulnerability for their own benefit.

On the website selling the exploit, there is virtually no information — just some placeholders with misspelled text for other kinds of exploits. It is likely to be a scam and would not be too concerned about this.

[Yamane_Keto]

I searched a little for the details of this vulnerability and the best thing I found was that it is comparable to Pegasus spyware, if that vulnerability true then Trust Wallet is supposed to encrypt sensitive data, and therefore even if high-risk zero-day vulnerability occurs, customers’ funds are supposed to be safe as long as they use a strong password to encrypt the wallet file.

[Orpichukwu]

Somebody on the dark web is asking for $2 million in BTC for this exploit, which they claim will allow somebody to take control over someone’s iPhone. If an exploit is worth that much money you would think the seller might be better off keeping it a secret and getting rich by exploiting the vulnerability for their own benefit.

Yes, it's very possible for someone to have data that is worth a large amount of money and still want to sell it out to another person on the dark web.
 
I have read stories of hackers who extract information, sell it to those who will make use of it, get their money, and take off. Those who buy the data will be the ones who make use of it in their own ways to exploit the data owners.
 
I don't believe the person who placed the bid has access to such data; if not, they could have been pricing on that speculation on the internet already, but if such data does indeed exist, then I don't doubt the selling, as they can actually sell it to someone who can make better use of the information than them.