OKX urges critical update after wallet bug disclosed

1 year ago

Cryptocurrency exchange OKX and blockchain security firm CertiK have disclosed a critical vulnerability in OKX’s iOS wallet, triggering immediate calls for users to update their apps.

The Dec. 19 announcement has sparked controversy over the timing of the disclosure, as concerns arise about the potential compromise of user data and crypto assets.

CertiK posted to Twitter/X:

“Attention! We urge users of OKX wallets to update their iOS app to the latest version immediately. Earlier this month, we identified and reported a critical Remote Code Execution (RCE) vulnerability in the OKX iOS App, leading to potential compromise of sensitive information and crypto assets.”

In a separate announcement, OKX confirmed that it had deployed an update that resolved the issue. It asserted that the bug had not affected customer funds.

The issue appears unrelated to an earlier attack on OKX’s decentralized exchange (DEX) aggregator, which led to $2.7 million in losses around Dec. 12.

Quick disclosure attracts controversy

CertiK’s quick disclosure was criticized by MetaMask lead Tay Monahan, who noted the risk of disclosing an issue on the day of the fix’s release. She wrote:

“Wait wait wait wait hold up … How long does it take [OKX’s] user base to get majority updated historically? Like, it takes time to roll out updates. Like weeks, months. And yet you’re disclosing there’s a [vulnerability] that could rekt all users remotely THE DAY OF?”

There is additionally a lack of clarity about the date of the patch’s release. Whereas CertiK said that the relevant fix was deployed in an update today (which the iOS App Store identifies as version 6.46.0), OKX said that the update was deployed in version 6.45.0 (which was released on Dec. 11). Details in the App Store do not indicate which update actually contains the fix.

Regardless, the bug has been disclosed no more than eight days after the fix’s release, leaving users who do not immediately update at risk.

The post OKX urges critical update after wallet bug disclosed appeared first on CryptoSlate.
