New Zero-Click WhatsApp Account Takeover Attack Targets iOS 16 Users

A newly uncovered zero-click campaign exploited two vulnerabilities (CVE-2025-43300 in Apple ImageIO and CVE-2025-55177 in WhatsApp) on iOS 16 devices to silently hijack WhatsApp accounts and send fraudulent money requests; forensic analysis found continuous resynchronization log patterns indicative of a hidden secondary client, and mitigation is to update iOS and WhatsApp or reinstall/move the account.