Attack Overview
A sophisticated zero-click attack is actively targeting WhatsApp users on iOS 16, enabling attackers to hijack accounts without any victim interaction. According to an investigation by Italian security firm Forenser, victims running iOS 16 on iPhone models from the 8 to 14 have reported their accounts being silently taken over. The attackers send unauthorized messages requesting money transfers, yet no suspicious devices appear in the Linked Devices section, making the breach nearly invisible to the user.
Technical Exploitation Chain
The attack combines two distinct vulnerabilities to achieve the silent takeover. An image processing flaw in Apple ImageIO allows the delivery of a malicious payload through image files, while a separate vulnerability in WhatsApp's linked device synchronization enables the extraction of cryptographic session data. This data is then used to initialize a rogue WhatsApp client that operates in parallel with the victim's legitimate session. Forenser's analysis found unusual resync events in iOS logs, revealing that the attacker's and the victim's clients were competing for control. The attack can be reproduced in lab settings, confirming that session hijacking occurs without any user awareness or forensic traces such as new device pairings. Users should immediately update their devices to the latest available iOS and WhatsApp versions to mitigate the risk.
Source: Cyber Security News

