A newly disclosed zero-click remote code execution (RCE) vulnerability in WhatsApp is being actively exploited against Apple’s iOS, macOS, and iPadOS platforms.
The flaw, demonstrated in a proof-of-concept by DarkNavyOrg researchers, leverages two distinct vulnerabilities—CVE-2025-55177 and CVE-2025-43300—to silently compromise devices without any user interaction.
Victims receive a malicious DNG image file via WhatsApp and, upon automatic parsing, suffer complete device takeover.
https://cyberpress.org/0-click-whatsapp-vulnerability/