Zero-Click Attack Compromises WhatsApp Accounts on iOS 16

Zero-Click Attack Compromises WhatsApp Accounts on iOS 16

First seen 26 May 2026, 17:03 UTC Securityaffairs.CoFeeds.FeedburnerGbhackersCybersecuritynews 89% similarity 69.9

Article Content

Browse articles
ThreatCluster

A sophisticated zero-click attack has been identified, targeting iPhones running iOS 16 and enabling attackers to hijack WhatsApp accounts without user interaction. The attack exploits vulnerabilities CVE-2025-43300 and CVE-2025-55177, allowing unauthorized access to WhatsApp sessions. Victims report their accounts sending fraudulent money requests without any notifications or linked device alerts. The Italian digital forensics firm Forenser confirmed the attack after multiple user reports. Users are advised to update their iOS and WhatsApp apps, lock their chats, and verify any money requests through direct communication. This incident illustrates the growing sophistication of cybercrime, particularly financially motivated attacks leveraging zero-day exploits. The attack is ongoing, with no confirmed patch available for the vulnerabilities yet.

Key Points: • Zero-click attack exploits CVE-2025-43300 and CVE-2025-55177 on iOS 16. • Victims' WhatsApp accounts are hijacked without user interaction or notifications. • Immediate updates to iOS and WhatsApp are recommended to mitigate risks.

ThreatCluster AI

Timeline

2025-08-21
CVE-2025-43300 published
CVE-2025-43300 was published, detailing a vulnerability in the ImageIO framework affecting iOS 16.
Security Affairs
2025-08-29
CVE-2025-55177 published
CVE-2025-55177 was published, indicating another vulnerability potentially exploitable in the attack chain.
Security Affairs
2025-09-02
CVE-2025-55177 added to CISA KEV
CVE-2025-55177 was added to the CISA Known Exploited Vulnerabilities catalog, indicating active exploitation.
Security Affairs
2026-04-25
First public PoC for CVE-2025-55177
A proof of concept for CVE-2025-55177 was made public, demonstrating the vulnerability's exploitability.
Security Affairs
2026-05-25
Incident reported by Forenser
Forenser reported multiple cases of WhatsApp accounts being hijacked via a zero-click attack on iOS 16.
Securityaffairs.Co
2026-05-26
Attack detailed in multiple articles
Cybersecurity news outlets reported on the zero-click attack, emphasizing its impact on iOS 16 users.
Gbhackers

Community

Browse all →