By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Cybersecurity Beat
Search
  • Home
  • News & Alerts
  • Articles
  • Features
  • Spotlight
  • About
    • Mission
    • Services
    • Contact
Reading: Silent Account Hijack Exploits iOS 16 Image Flaw to Take Over WhatsApp
  • AI
  • Android
  • Authentication
  • Breaches
  • CASB
  • Compliance
  • Cryptography
  • Cyberinsurance
  • EDR
  • IAM
  • Malware
  • Phishing
  • Quantum
  • Ransomware
  • SecOps
  • SIEM
  • SOC
  • Threat Intelligence
  • Vulnerabilities
  • Zero Trust
Cybersecurity BeatCybersecurity Beat
Font ResizerAa
Search
  • News & Alerts
  • Articles
  • Spotlight
  • Features
  • Resources
Follow US
  • About CSB
  • Services
  • Contact
  • Privacy
  • Legal
©2026 CybersecurityBeat. All Rights Reserved.
Smartphone on desk with broken padlock and digital tentacles, account hijack concept
News & Alerts

Silent Account Hijack Exploits iOS 16 Image Flaw to Take Over WhatsApp

A zero click attack exploits two vulnerabilities to silently hijack WhatsApp accounts on iOS 16 devices, leaving no trace in linked devices settings.

CSBadmin
Last updated: May 27, 2026 9:24 pm
CSBadmin
2 Min Read
Share
SHARE

Attack Overview

A sophisticated zero click attack is actively targeting WhatsApp users on iOS 16, enabling attackers to hijack accounts without any victim interaction. According to an investigation by Italian security firm Forenser, victims running iOS 16 on iPhone models from the 8 to 14 have reported their accounts being silently taken over. The attackers send unauthorized messages requesting money transfers, yet no suspicious devices appear in the Linked Devices section, making the breach nearly invisible to the user.

Contents
Attack OverviewTechnical Exploitation Chain

Technical Exploitation Chain

The attack combines two distinct vulnerabilities to achieve the silent takeover. An image processing flaw in Apple ImageIO allows the delivery of a malicious payload through image files, while a separate vulnerability in WhatsApp’s linked device synchronization enables the extraction of cryptographic session data. This data is then used to initialize a rogue WhatsApp client that operates in parallel with the victim’s legitimate session. Forenser’s analysis found unusual resync events in iOS logs, revealing that both the attacker’s and victim’s clients were competing for control. The attack can be reproduced in lab settings, confirming that session hijacking occurs without any user awareness or forensic traces like new device pairings. Users should immediately update their devices to the latest available iOS and WhatsApp versions to mitigate the risk.

Source: Cyber Security News

CSBadmin

The latest in cybersecurity news and updates.

TAGGED:Account TakeoverImageIOZero Click
Share This Article
Facebook Print
ByCSBadmin
Follow:
The latest in cybersecurity news and updates.
Previous Article Urgent Update: Three Critical Flaws Patched in UniFi OS
Next Article iPhone with lock and shield icon showing theft detection auto-lock concept Apple Develops iPhone Auto Lock Feature That Triggers on Theft Detection

Trending

Featured image for cybersecuritybeat.com post 7940
CISA adds two Joomla extension flaws to known exploited vulnerabilities catalog
July 13, 2026
CISA contractor accidentally leaks AWS credentials on personal GitHub account
July 13, 2026
Okta warns of vishing attacks targeting Microsoft 365 user credentials
July 13, 2026
New UEFI bootkit targets Windows systems with kernel-level persistence
July 13, 2026
Critical flaw in industrial VPN allows unauthenticated remote code execution
July 13, 2026

Related Stories

CSBadmin

Friendly Fire Attack Hijacks AI Security Agents to Run Malicious Code

CSBadmin

Password Manager Provider Reports Limited Vault Exposure Following Account Attack

CSBadmin

Attackers Abuse Legitimate RMM Tools to Breach 80 US Organizations

CSBadmin

Major Patch Update: Critical RCE Flaws Force Urgent Action

csb-sized
  • About CSB
  • Services
  • Contact
  • Privacy
  • Legal

© 2026 Cybersecurity Beat. All rights reserved.

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?