WhatsApp 0-Click Flaw Abused via Malicious DNG Image File
gbhackers
A newly discovered zero-click remote code execution (RCE) vulnerability in WhatsApp is putting millions of Apple users at risk.
Researchers from DarkNavyOrg have demonstrated a proof-of-concept (PoC) exploit that leverages two distinct flaws to compromise iOS, macOS, and iPadOS devices without any user interaction.
The attack chain begins with CVE-2025-55177, a critical logic error in WhatsApp’s message handling.

According to DarkNavyOrg, WhatsApp fails to validate whether an incoming message truly originates from a linked device.
We triggered WhatsApp 0-click on iOS/macOS/iPadOS.
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing. pic.twitter.com/idwZXqh5WK
— DARKNAVY (@DarkNavyOrg) September 28, 2025
This missing check allows an attacker to craft messages that appear to come from a user’s own trusted account. As soon as WhatsApp processes the ...
Copyright of this story solely belongs to gbhackers.