Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16
🚨 Zero-Click WhatsApp Account Takeover 🚨
A zero-click attack against iPhones running iOS 16 has been reported: WhatsApp accounts were hijacked with no linked devices shown in the app, no security notifications, and no interaction from the victim. Several iPhone users in Italy have been affected over the past few weeks.
What Happened?
Victims noticed the same pattern: messages had gone out from their WhatsApp number to recent contacts asking for wire transfers, although the victims had never sent them. Forensic investigation revealed an active zero-click exploitation campaign targeting a specific combination of iOS version and WhatsApp client.
Technical Insights
The forensic analysis, conducted by the Italian digital forensics firm Forenser, found that every affected user was running an iPhone between the iPhone 8 and the iPhone 14 with some build of iOS 16 installed. The attackers could read recent chat conversations and used them to send the money-transfer requests, but they did not reach older or archived chats.
The investigation pointed to two known vulnerabilities: CVE-2025-43300, an out-of-bounds write in Apple's ImageIO framework that is triggered by a maliciously crafted image, and CVE-2025-55177, an incomplete authorization check in WhatsApp's handling of linked-device synchronization messages that let an unrelated user trigger processing of content from an attacker-controlled URL on the target's device. Chained together, the two give an attacker memory corruption on the phone and a foothold in the victim's WhatsApp session without the user tapping anything. Apple later backported the ImageIO fix to iOS 16.7.12, and WhatsApp shipped a patched iOS client; a device on an older build of either remains exposed.
Mitigation Steps
To protect against this zero-click attack, users are advised to:
- Update iOS to the latest version the device supports. The iPhone 8 and iPhone X cannot go beyond iOS 16, so on those models make sure iOS 16.7.12 or later is installed; newer models still on iOS 16 should move to a current major release.
- Update WhatsApp from the App Store to a version that includes the CVE-2025-55177 fix, and review Settings > Linked Devices. The reported cases showed nothing there, so an empty list is not proof that the account is clean.
- Lock sensitive chats with WhatsApp's built-in chat lock feature; it limits what an attacker who gets into the session can read.
- If you suspect compromise, log out of all sessions, reinstall WhatsApp on a patched device, and re-register with fresh authentication.
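As an added example, not code from the original report or from Forenser, here is a small Python triage script that checks an exported device inventory against the patched builds. The fixed build numbers it assumes, iOS 16.7.12 for CVE-2025-43300 and WhatsApp for iOS 2.25.21.73 for CVE-2025-55177, come from the Apple and WhatsApp advisories rather than from this article, and the inventory it runs over is constructed sample data; confirm the version numbers against the vendor advisories before pointing it at a real fleet.

```python
"""Fleet triage for the iOS 16 / WhatsApp zero-click campaign.

Assumed fixed builds (taken from the vendor advisories, not from the
article; verify before use):
  - iOS 16.7.12 carries the backported ImageIO fix for CVE-2025-43300
  - WhatsApp for iOS 2.25.21.73 fixes CVE-2025-55177
"""
from dataclasses import dataclass
from typing import Optional

IOS16_FIXED = (16, 7, 12)
WHATSAPP_FIXED = (2, 25, 21, 73)


def parse_version(s: str) -> tuple:
    """Turn '16.7.11' into (16, 7, 11) so builds compare numerically.

    Tuple comparison handles differing lengths: (16, 7) < (16, 7, 12).
    Raises ValueError on anything that is not dotted integers.
    """
    return tuple(int(part) for part in s.strip().split("."))


@dataclass
class Device:
    name: str
    ios: str
    whatsapp: Optional[str]  # None means WhatsApp is not installed


def triage(device: Device) -> list:
    """Return the reasons this device needs patching; empty list if none.

    Only iOS 16 builds are judged against IOS16_FIXED, because that is the
    population the campaign targeted. Devices on other major versions
    are not assessed here for the Apple bug and should follow Apple's
    current advisory for their release.
    """
    findings = []
    ios = parse_version(device.ios)
    if ios[0] == 16 and ios < IOS16_FIXED:
        findings.append(
            f"iOS {device.ios} lacks the CVE-2025-43300 fix (need 16.7.12)"
        )
    if device.whatsapp is not None and parse_version(device.whatsapp) < WHATSAPP_FIXED:
        findings.append(
            f"WhatsApp {device.whatsapp} lacks the CVE-2025-55177 fix (need 2.25.21.73)"
        )
    return findings


def report(devices: list) -> dict:
    """Map device name -> list of findings for the whole inventory."""
    return {d.name: triage(d) for d in devices}


# Constructed sample inventory (hypothetical device names and builds),
# shaped like a minimal MDM export.
SAMPLE_INVENTORY = [
    Device("iphone-8-finance", "16.7.11", "2.25.20.80"),   # both outdated
    Device("iphone-14-sales", "16.7.12", "2.25.21.73"),    # both at fixed builds
    Device("iphone-13-it", "16.6", None),                  # old iOS, no WhatsApp
    Device("iphone-15-exec", "18.6.2", "2.25.22.10"),      # outside the iOS 16 population
]

if __name__ == "__main__":
    for name, findings in report(SAMPLE_INVENTORY).items():
        status = "PATCH" if findings else "ok"
        print(f"{status:5} {name}: {'; '.join(findings) or 'up to date'}")
```

Run it against a CSV or MDM export by building `Device` objects from each row; anything with a non-empty findings list is a candidate for the update and re-registration steps above. The script deliberately does not flag iOS 16 devices that could move to iOS 17 or 18, since an inventory export rarely says which hardware generation a device is; treat every iOS 16 hit as "upgrade as far as the hardware allows".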
This incident serves as a reminder that zero-click exploits are increasingly prevalent in financially motivated cybercrime. If you are running iOS 16 on an iPhone, update to the latest patch immediately! 🚀