Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning
ID: d5cc0967-8476-5c20-95fb-a5a682f23bae
STIX ID: report--d5cc0967-8476-5c20-95fb-a5a682f23bae
Feed Name: Security Affairs
A zero-click exploit chain against iPhones on iOS 16, linked to CVE-2025-43300 in ImageIO and CVE-2025-55177 in WhatsApp, has been used in the wild to exfiltrate WhatsApp session material and spawn remote clients that send fraudulent money requests while leaving no visible linked devices. Forenser confirmed active exploitation in Italy and reproduced the attack. It recommends immediate iOS and WhatsApp updates, chat locks, or reinstalling WhatsApp to evict attacker sessions.
