By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Cybersecurity Beat
Search
  • Home
  • News & Alerts
  • Articles
  • Features
  • Spotlight
  • About
    • Mission
    • Services
    • Contact
Reading: Silent Account Hijack Exploits iOS 16 Image Flaw to Take Over WhatsApp
  • AI
  • Android
  • Authentication
  • Breaches
  • CASB
  • Compliance
  • Cryptography
  • Cyberinsurance
  • EDR
  • IAM
  • Malware
  • Phishing
  • Quantum
  • Ransomware
  • SecOps
  • SIEM
  • SOC
  • Threat Intelligence
  • Vulnerabilities
  • Zero Trust
Cybersecurity BeatCybersecurity Beat
Font ResizerAa
Search
  • News & Alerts
  • Articles
  • Spotlight
  • Features
  • Resources
Follow US
  • About CSB
  • Services
  • Contact
  • Privacy
  • Legal
©2026 CybersecurityBeat. All Rights Reserved.
Smartphone on desk with broken padlock and digital tentacles, account hijack concept
News & Alerts

Silent Account Hijack Exploits iOS 16 Image Flaw to Take Over WhatsApp

A zero click attack exploits two vulnerabilities to silently hijack WhatsApp accounts on iOS 16 devices, leaving no trace in linked devices settings.

CSBadmin
Last updated: May 27, 2026 9:24 pm
CSBadmin
2 Min Read
Share
SHARE

Attack Overview

A sophisticated zero click attack is actively targeting WhatsApp users on iOS 16, enabling attackers to hijack accounts without any victim interaction. According to an investigation by Italian security firm Forenser, victims running iOS 16 on iPhone models from the 8 to 14 have reported their accounts being silently taken over. The attackers send unauthorized messages requesting money transfers, yet no suspicious devices appear in the Linked Devices section, making the breach nearly invisible to the user.

Contents
Attack OverviewTechnical Exploitation Chain

Technical Exploitation Chain

The attack combines two distinct vulnerabilities to achieve the silent takeover. An image processing flaw in Apple ImageIO allows the delivery of a malicious payload through image files, while a separate vulnerability in WhatsApp’s linked device synchronization enables the extraction of cryptographic session data. This data is then used to initialize a rogue WhatsApp client that operates in parallel with the victim’s legitimate session. Forenser’s analysis found unusual resync events in iOS logs, revealing that both the attacker’s and victim’s clients were competing for control. The attack can be reproduced in lab settings, confirming that session hijacking occurs without any user awareness or forensic traces like new device pairings. Users should immediately update their devices to the latest available iOS and WhatsApp versions to mitigate the risk.

Source: Cyber Security News

CSBadmin

The latest in cybersecurity news and updates.

TAGGED:Account TakeoverImageIOZero Click
Share This Article
Facebook Print
ByCSBadmin
Follow:
The latest in cybersecurity news and updates.
Previous Article Urgent Update: Three Critical Flaws Patched in UniFi OS
Next Article iPhone with lock and shield icon showing theft detection auto-lock concept Apple Develops iPhone Auto Lock Feature That Triggers on Theft Detection

Trending

Featured image for cybersecuritybeat.com post 7936
Jscrambler npm package compromised in Rust infostealer attack
July 12, 2026
New Linux kernel bug gives attackers root on servers and Android devices
July 12, 2026
Hackers hijack Microsoft passkey enrollment in voice phishing blitz
July 12, 2026
One missing header is all it takes to own a Gitea Docker instance
July 12, 2026
AI coding assistants let researchers walk right past safety filters
July 12, 2026

Related Stories

CSBadmin

Massive Scans Target Cisco ASA Devices, Raising Fears of Imminent Exploit

CSBadmin

ClickFix Campaign Infects Hundreds of Education and Tech Sites with Malware

CSBadmin

Miasma Supply Chain Campaign Expands Across npm, GitHub Actions, and Go Projects

CSBadmin

Law Enforcement Dismantles AI Driven Phishing Network Tied to 3.8 Million Stolen Credit Cards

csb-sized
  • About CSB
  • Services
  • Contact
  • Privacy
  • Legal

© 2026 Cybersecurity Beat. All rights reserved.

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?