New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users
Cybersecurity NewsArchived May 27, 2026✓ Full text saved
A new 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices. According to a recent forensic investigation by the Italian security firm Forenser, attackers are exploiting a zero-click attack chain that allows them to […] The post New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users appeared first on Cyber Security News
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users
By Abinaya
May 27, 2026
A new 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices.
According to a recent forensic investigation by the Italian security firm Forenser, attackers are exploiting a zero-click attack chain that allows them to silently access WhatsApp accounts, even while the legitimate user remains logged in.
Victims, primarily using iPhones running iOS 16 across models from iPhone 8 to iPhone 14, noticed unauthorized messages being sent from their accounts requesting money transfers, yet found no suspicious activity in the “Linked Devices” section.
0-Click WhatsApp Hijack Targets iOS 16 Users
Unlike traditional WhatsApp hijacking techniques such as QR code phishing or GhostPairing campaigns, this attack does not require user action, making it significantly more dangerous and difficult to detect.
Forensics ’ analysis identified unusual “resync” events in iOS unified logs, indicating that both the victim’s device and the attacker’s client were simultaneously competing to maintain control over the same WhatsApp session.
This behavior suggests that the attacker establishes a parallel session without registering it as a linked device, effectively bypassing WhatsApp’s visibility controls.
The attack reportedly chains CVE-2025-43300, an Apple ImageIO out-of-bounds write flaw, with CVE-2025-55177, a WhatsApp linked-device synchronization vulnerability affecting iOS versions below 16.7.12.
CVE-2025-43300 enables malicious image-based exploitation, while CVE-2025-55177 impacts improper handling of WhatsApp linked-device sync messages on vulnerable iOS devices.
Researchers found that attackers could leverage these flaws to extract cryptographic session data directly from the device, enabling them to initialize a rogue WhatsApp client tied to the victim’s account without triggering alerts.
Supporting evidence includes repeated image-processing errors documented in system logs at the time of compromise, reinforcing the likelihood of a malicious payload delivered via image-based vectors.
In controlled lab testing, Forenser successfully reproduced parts of the attack, confirming that session hijacking can occur without user awareness and without leaving typical forensic traces such as new device pairings.
To mitigate the risk, users are strongly advised to update their devices to the latest iOS version, as Apple has already patched CVE-2025-43300 in newer releases.
Additional protective steps include reinstalling WhatsApp, enabling chat lock features to restrict unauthorized access, and re-authenticating accounts on clean devices to invalidate attacker sessions.
Users should also avoid responding to suspicious financial requests via WhatsApp and instead verify them by phone, as attackers may intercept ongoing conversations.
This campaign highlights a growing trend: zero-click exploits, once limited to advanced state-sponsored operations, are increasingly adopted by financially motivated cybercriminals.
The widespread use of unpatched iOS 16 devices combined with publicly documented vulnerabilities has created an expanded attack surface, enabling threat actors to scale sophisticated attacks more effectively.
As investigations continue, this incident underscores the urgency of timely patching and proactive mobile security practices in defending against evolving zero-click threats.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Top 10 Best Malware Sandbox Tools for Security Teams in 2026
Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image
Fox Tempest Malware-Signing Service Abused Microsoft Artifact Signing to Certify Malware
TamperedChef Malware Uses Signed Productivity Apps to Deliver Stealers and RATs
Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer
Latest News
Cyber Security News
BIND 9 Software Vulnerabilities Exposes Resolvers and Authoritative Servers to Remote Exploits
Cyber Security News
India’s CERT-In Asks Organizations to Patch Vulnerabilities in Systems Within 12 hours
Cyber Security
Anthropic Releases Free Security Plugin for Claude Code Terminal to Detect Vulnerabilities
Cyber Security News
Multiple Angular Language Service Extension Vulnerabilities Enable RCE Attacks
ANY.RUN
How Tier 1 Can Process Alerts 3x Faster with Threat Intelligence