CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 27, 2026

New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users

Cybersecurity News Archived May 27, 2026 ✓ Full text saved

A new 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices. According to a recent forensic investigation by the Italian security firm Forenser, attackers are exploiting a zero-click attack chain that allows them to […] The post New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users appeared first on Cyber Security News

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users By Abinaya May 27, 2026 A new 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices. According to a recent forensic investigation by the Italian security firm Forenser, attackers are exploiting a zero-click attack chain that allows them to silently access WhatsApp accounts, even while the legitimate user remains logged in. Victims, primarily using iPhones running iOS 16 across models from iPhone 8 to iPhone 14, noticed unauthorized messages being sent from their accounts requesting money transfers, yet found no suspicious activity in the “Linked Devices” section. 0-Click WhatsApp Hijack Targets iOS 16 Users Unlike traditional WhatsApp hijacking techniques such as QR code phishing or GhostPairing campaigns, this attack does not require user action, making it significantly more dangerous and difficult to detect. Forensics ’ analysis identified unusual “resync” events in iOS unified logs, indicating that both the victim’s device and the attacker’s client were simultaneously competing to maintain control over the same WhatsApp session. This behavior suggests that the attacker establishes a parallel session without registering it as a linked device, effectively bypassing WhatsApp’s visibility controls. The attack reportedly chains CVE-2025-43300, an Apple ImageIO out-of-bounds write flaw, with CVE-2025-55177, a WhatsApp linked-device synchronization vulnerability affecting iOS versions below 16.7.12. CVE-2025-43300 enables malicious image-based exploitation, while CVE-2025-55177 impacts improper handling of WhatsApp linked-device sync messages on vulnerable iOS devices. Researchers found that attackers could leverage these flaws to extract cryptographic session data directly from the device, enabling them to initialize a rogue WhatsApp client tied to the victim’s account without triggering alerts. Supporting evidence includes repeated image-processing errors documented in system logs at the time of compromise, reinforcing the likelihood of a malicious payload delivered via image-based vectors. In controlled lab testing, Forenser successfully reproduced parts of the attack, confirming that session hijacking can occur without user awareness and without leaving typical forensic traces such as new device pairings. To mitigate the risk, users are strongly advised to update their devices to the latest iOS version, as Apple has already patched CVE-2025-43300 in newer releases. Additional protective steps include reinstalling WhatsApp, enabling chat lock features to restrict unauthorized access, and re-authenticating accounts on clean devices to invalidate attacker sessions. Users should also avoid responding to suspicious financial requests via WhatsApp and instead verify them by phone, as attackers may intercept ongoing conversations. This campaign highlights a growing trend: zero-click exploits, once limited to advanced state-sponsored operations, are increasingly adopted by financially motivated cybercriminals. The widespread use of unpatched iOS 16 devices combined with publicly documented vulnerabilities has created an expanded attack surface, enabling threat actors to scale sophisticated attacks more effectively. As investigations continue, this incident underscores the urgency of timely patching and proactive mobile security practices in defending against evolving zero-click threats. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Top 10 Best Malware Sandbox Tools for Security Teams in 2026 Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image Fox Tempest Malware-Signing Service Abused Microsoft Artifact Signing to Certify Malware TamperedChef Malware Uses Signed Productivity Apps to Deliver Stealers and RATs Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer Latest News Cyber Security News BIND 9 Software Vulnerabilities Exposes Resolvers and Authoritative Servers to Remote Exploits Cyber Security News India’s CERT-In Asks Organizations to Patch Vulnerabilities in Systems Within 12 hours Cyber Security Anthropic Releases Free Security Plugin for Claude Code Terminal to Detect Vulnerabilities Cyber Security News Multiple Angular Language Service Extension Vulnerabilities Enable RCE Attacks ANY.RUN How Tier 1 Can Process Alerts 3x Faster with Threat Intelligence
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 27, 2026
    Archived
    May 27, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗