News

ZERO-CLICK WHATSAPP ATTACK: Danger Without Clicking

Autor DiagnozaBAM

ByBejenaru Alexandru Ionut

Oct 4, 2025 #auto, #bam, #cybersecurity, #diagnoza, #image parsing bug, #incident response, #ios patch, #lifestyle, #malicious dng, #mobile malware, #neamt, #roman, #sfaturi, #tech, #threat analysis, #tracker, #update now, #utile, #whatsapp vulnerabilities, #zero-click exploit
Zero click WhatsAppZero click WhatsApp
Zero click WhatsApp
© Bejenaru Alexandru Ionut – diagnozabam.ro

The zero-click WhatsApp attack uncovered recently exploits a chain of vulnerabilities so victims do not need to click anything to be infected. In this attack, WhatsApp is forced to automatically fetch a Digital Negative (.DNG) image from an attacker-controlled server. While the device attempts to render that image, a hidden error triggers and allows remote code execution — enabling malware install and data exfiltration — all without user interaction.

Technically, the attack blends CVE-2025-55177 (an incomplete-authorization issue in WhatsApp that permits processing content from links without proper checks) and CVE-2025-43300 (an out-of-bounds write in Apple’s ImageIO that enables arbitrary code execution). Using these vulnerabilities, an attacker crafts a malicious DNG file that corrupts memory when parsed, giving the attacker control and the ability to deploy persistent malware or spy on the user.

Affected products and versions include older WhatsApp releases for iOS and macOS and Apple ImageIO implementations shipped in iOS, iPadOS and macOS builds prior to the security updates listed by Apple. The best practical defense against this zero-click WhatsApp attack is immediate patching: update WhatsApp/WhatsApp Business/WhatsApp for Mac and install the latest Apple security updates.

Mitigation steps (concise):

  • Update WhatsApp to the latest version and apply Apple OS updates.

  • Enable two-step verification in WhatsApp and use strong device passcodes.

  • Limit auto-sync or automatic media download when possible, and avoid untrusted networks.

  • Monitor official security advisories (for example DNSC) and apply vendor recommendations.

  • If you suspect compromise, isolate the device and perform forensic review / professional cleanup.

For official advisories and deeper technical notes consult DNSC and our guidance hub: https://diagnozabam.ro/sfaturi/. The zero-click WhatsApp attack demonstrates how file handling code in widely used platforms can be leveraged for stealthy remote compromise — updates and vigilant device hygiene remain essential.
Source: ALERTA: WhatsApp 0-Click Vulnerability CVE-2025-55177 & CVE-2025-43300

✍️ Author: Bejenaru Alexandru Ionut – [email protected]

✍️ Author: Bejenaru Alexandru Ionut – [email protected]

🔗 Internal link: https://diagnozabam.ro/sfaturi

🤝 Support DiagnozaBAM

This content is free. Your donation is completely voluntary.

Donate on Ko-fi
Updated on 16 Jan 2026
Autor DiagnozaBAM

By Bejenaru Alexandru Ionut

Related Post

News

LARTE Carbon Kit for Mercedes G63 2026

Mar 27, 2026 Bejenaru Alexandru Ionut
News

Headlight Restoration Guide – Does DIY Polishing Really Work?

Mar 26, 2026 Bejenaru Alexandru Ionut
News

P0102 Code – Mass Air Flow Sensor Low Input

Mar 23, 2026 Bejenaru Alexandru Ionut

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.