HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Zero‑Click WhatsApp Account Takeover on iOS 16 iPhones Bypasses Linked‑Device Checks

A zero‑click exploit targeting iOS 16 devices hijacks WhatsApp accounts, allowing attackers to send fraudulent messages and read recent chats without any user interaction or visible linked‑device session. The technique bypasses standard MFA and device‑link checks, raising urgent TPRM concerns for any organization that relies on WhatsApp for business communications.

LiveThreat™ Intelligence · 📅 May 25, 2026· 📰 securityaffairs.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
securityaffairs.com

Zero‑Click WhatsApp Account Takeover on iOS 16 iPhones Bypasses Linked‑Device Checks

What Happened — A zero‑click exploit targeting iOS 16 devices allowed threat actors to hijack WhatsApp accounts, send fraudulent messages, and exfiltrate recent chat data without any user interaction or visible linked‑device session.

Why It Matters for TPRM — • Demonstrates that mobile‑app supply‑chain vulnerabilities can compromise third‑party communications channels. • Highlights the risk of credential‑less account takeover that bypasses traditional MFA and device‑link checks. • Forces enterprises to reassess the security posture of any vendor that relies on WhatsApp for customer outreach or internal coordination.

Who Is Affected — Mobile users of WhatsApp on iPhone 8 – 14 running iOS 16 (individuals, but also employees using WhatsApp for business).

Recommended Actions — • Verify that all corporate WhatsApp usage is limited to devices with the latest iOS patches (iOS 17+). • Enforce secondary verification for high‑value WhatsApp transactions (e.g., out‑of‑band confirmation). • Review vendor contracts for clauses requiring timely patching of mobile‑app dependencies.

Technical Notes — The attack leverages a previously unknown iOS 16 kernel vulnerability (zero‑click) to gain code execution within the WhatsApp process, inject messages, and read recent chats. No QR‑code pairing or credential theft is observed. The exploit appears to be a zero‑day, currently unpatched, and is being actively used in the wild. Source: Security Affairs

📰 Original Source
https://securityaffairs.com/192627/security/zero-click-whatsapp-account-takeover-hits-iphone-users-running-ios-16-no-linked-devices-no-warning.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →