Zero-Click Attack Compromises WhatsApp Accounts on iOS 16

Severity: High (Score: 69.9)

Sources: Feeds.Feedburner, Securityaffairs.Co

Published: 2026-05-26 · Updated: 2026-05-26

Keywords: zero-click, whatsapp, linked, running, devices, security, attack

Summary

A sophisticated zero-click attack has been identified that targets iPhones running iOS 16 and lets attackers hijack WhatsApp accounts without any user interaction. The exploit leverages vulnerabilities in the ImageIO framework, specifically CVE-2025-43300, and potentially CVE-2025-55177. Victims are unaware that their accounts are sending unauthorized messages, often soliciting money transfers. The attacker's session does not appear in the 'Linked Devices' section of WhatsApp, which complicates detection. Continuous 'resync' events in device logs indicate contention between the legitimate user and the attacker for the session. Users are advised to update iOS and the WhatsApp application as the primary mitigation. The incident reflects the growing sophistication of cybercriminals using zero-day exploits against a broad user base, and the threat is particularly concerning for anyone running an unpatched operating system.

Key Points:

  • Zero-click attack targets iPhones on iOS 16, hijacking WhatsApp accounts without user action.
  • Exploits CVE-2025-43300 in the ImageIO framework and potentially CVE-2025-55177.
  • Victims' accounts send unauthorized messages requesting money transfers, with no alerts to the account owner.

Detailed Analysis

**Impact**

iPhone users running iOS 16 are affected by this zero-click attack, which compromises WhatsApp accounts without user interaction or notification. Attackers can send fraudulent messages requesting money transfers to the victims' contacts, potentially causing financial loss. The attack affects users globally; no specific sectors or geographic concentrations are detailed. The data at risk includes WhatsApp session cryptographic material, which enables full account takeover.

**Technical Details**

The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 in the ImageIO framework and possibly CVE-2025-55177, to hijack WhatsApp sessions. Attackers extract cryptographic keys and use them to instantiate new WhatsApp clients that do not appear in the "Linked Devices" list. Exploitation is zero-click, requiring no user interaction, and is detectable through continuous "resync" events in device logs that indicate session contention. No malware or infrastructure details are provided.

**Recommended Response**

Users should immediately update iOS to the latest available version to patch the exploited vulnerabilities. Updating or reinstalling the WhatsApp app and enabling chat locking features are also advised. Anyone receiving a suspicious money request should verify it through a direct voice call rather than by replying in-app. Monitoring device logs for unusual resync events may assist detection; no specific IOCs are provided.

Source articles (2)

  • Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning — Securityaffairs.Co · 2026-05-25
    A zero-click attack targeting iPhones on iOS 16 hijacked WhatsApp accounts without linked devices, warnings, or user interaction. There is a particular kind of security incident that is harder to expl…
  • Zero — Feeds.Feedburner · 2026-05-26
    As reported by Security Affairs, a sophisticated zero-click attack has been targeting iPhones running iOS 16, allowing threat actors to hijack WhatsApp accounts without any user interaction, linked de…

Timeline

  • 2025-08-21 — CVE-2025-43300 published: Disclosure of the ImageIO framework vulnerability affecting iOS 16.
  • 2025-08-29 — CVE-2025-55177 published: Disclosure of a vulnerability potentially related to the ongoing exploitation of WhatsApp accounts.
  • 2025-09-02 — CVE-2025-55177 added to CISA KEV: CVE-2025-55177 categorized as actively exploited by CISA, raising awareness of the threat.
  • 2026-04-25 — First public PoC for CVE-2025-55177: Proof of Concept for CVE-2025-55177 released, demonstrating the exploit's capabilities.
  • 2026-05-25 — Media reports on zero-click attack: Security Affairs reports on the zero-click attack targeting WhatsApp accounts on iOS 16, detailing its impact.
  • 2026-05-26 — Current status of zero-click attack: Ongoing threat as users are urged to update iOS and WhatsApp to mitigate risks from the zero-click attack.

CVEs

  • CVE-2025-43300
  • CVE-2025-55177

Related entities

  • Zero-day Exploit (Attack Type)
  • ImageIO (Vulnerability)
  • iOS (Platform)
  • WhatsApp (Platform)