Feeds.Feedburner
Zero-Click Attack Compromises WhatsApp Accounts on iOS 16
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A sophisticated zero-click attack has been identified, targeting iPhones running iOS 16 and enabling attackers to hijack WhatsApp accounts without user interaction. The attack exploits vulnerabilities CVE-2025-43300 and CVE-2025-55177, allowing unauthorized access to WhatsApp sessions. Victims report their accounts sending fraudulent money requests without any notifications or linked device alerts. The Italian digital forensics firm Forenser confirmed the attack after multiple user reports. Users are advised to update their iOS and WhatsApp apps, lock their chats, and verify any money requests through direct communication. This incident illustrates the growing sophistication of cybercrime, particularly financially motivated attacks leveraging zero-day exploits. The attack is ongoing, with no confirmed patch available for the vulnerabilities yet.
Key Points: • Zero-click attack exploits CVE-2025-43300 and CVE-2025-55177 on iOS 16. • Victims' WhatsApp accounts are hijacked without user interaction or notifications. • Immediate updates to iOS and WhatsApp are recommended to mitigate risks.