New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A new 0-Click WhatsApp Account Takeover Attack<\/a> Targeting iOS 16 Users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices.<\/p>\n According to a recent forensic investigation by the Italian security firm Forenser, attackers are exploiting a zero-click attack chain that allows them to silently access WhatsApp accounts, even while the legitimate user remains logged in.<\/p>\n Victims, primarily using iPhones running iOS 16 across models from iPhone 8 to iPhone 14, noticed unauthorized messages being sent from their accounts requesting money transfers, yet found no suspicious activity in the \u201cLinked Devices\u201d section.<\/p>\n Unlike traditional WhatsApp hijacking techniques such as QR code phishing or GhostPairing campaigns<\/a>, this attack does not require user action, making it significantly more dangerous and difficult to detect.<\/p>\n Forensics \u2019 analysis identified unusual \u201cresync\u201d events in iOS unified logs, indicating that both the victim\u2019s device and the attacker\u2019s client were simultaneously competing to maintain control over the same WhatsApp session.<\/p>\n This behavior suggests that the attacker establishes a parallel session without registering it as a linked device, effectively bypassing WhatsApp\u2019s visibility controls.<\/p>\n The attack reportedly chains CVE-2025-43300, an Apple ImageIO out-of-bounds write flaw, with CVE-2025-55177<\/a>, a WhatsApp linked-device synchronization vulnerability affecting iOS versions below 16.7.12.<\/p>\n CVE-2025-43300 enables malicious image-based exploitation, while CVE-2025-55177 impacts improper handling of WhatsApp linked-device sync messages on vulnerable iOS devices.<\/p>\n Researchers found that attackers could leverage these flaws to extract cryptographic session data directly from the device, enabling them to initialize a rogue WhatsApp client tied to the victim\u2019s account without triggering alerts.<\/p>\n Supporting evidence includes repeated image-processing errors documented in system logs at the time of compromise, reinforcing the likelihood of a malicious payload delivered via image-based vectors.<\/p>\n In controlled lab testing, Forenser successfully reproduced parts of the attack<\/a>, confirming that session hijacking can occur without user awareness and without leaving typical forensic traces such as new device pairings.<\/p>\n To mitigate the risk, users are strongly advised to update their devices to the latest iOS version, as Apple has already patched CVE-2025-43300 <\/a>in newer releases.<\/p>\n Additional protective steps include reinstalling WhatsApp, enabling chat lock features to restrict unauthorized access, and re-authenticating accounts on clean devices to invalidate attacker sessions.<\/p>\n Users should also avoid responding to suspicious financial requests via WhatsApp and instead verify them by phone, as attackers may intercept ongoing conversations.<\/p>\n This campaign highlights a growing trend: zero-click exploits<\/a>, once limited to advanced state-sponsored operations, are increasingly adopted by financially motivated cybercriminals.<\/p>\n The widespread use of unpatched iOS 16 devices combined with publicly documented vulnerabilities has created an expanded attack surface, enabling threat actors to scale sophisticated attacks more effectively.<\/p>\n As investigations continue, this incident underscores the urgency of timely patching and proactive mobile security practices in defending against evolving zero-click threats.<\/p>\n Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates.<\/strong><\/p>\n The post New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n0-Click WhatsApp Hijack Targets iOS 16 Users<\/strong><\/h2>\n