A WhatsApp vulnerability enabling a 0-click attack affects iPhone, iPad and macOS devices when they receive a modified DNG image
WhatsApp very recently launched its application for iPads, an app that rounded out the availability of Meta's messaging application across Apple's ecosystem. But it has been discovered that this ecosystem has a vulnerability that users with bad intentions can exploit to take control of your Apple phone, computer or tablet. By exploiting a 0-click RCE (Remote Code Execution) vulnerability, an attacker can execute malicious code on your device.
A vulnerability in WhatsApp allows malicious code to be executed through a 0-click attack
The vulnerability, which exploits the already known CVE-2025-55177 and CVE-2025-43300, compromises the security of your iPhone, iPad or Mac. Anyone who wants to use it has to send a modified DNG image, which the user receives in the normal way. The danger is that this is a 0-click attack, where it is not necessary to tap or open the received image: when it is received, the malicious code is launched automatically, with no opportunity to prevent it.
The user cannot do anything to avoid it; when the image is received, the injected code is launched
Initially, CVE-2025-55177 takes advantage of a flaw in the checking of the received message, that is, the verification that its origin is legitimate and that it comes from a linked device. WhatsApp treats it as a message from a trusted sender and accepts it without any problem, which opens the way to CVE-2025-43300. This second vulnerability is a flaw in the DNG file parsing library, which accepts the file as valid and processes it for display, with no need to open it, thanks to the preview.
When a modified DNG image is sent, WhatsApp processes it, which causes a memory corruption error that leads to execution of the injected code. That code could be used to access the content of your Mac, iPad or iPhone, such as your photos, your contact information or other information stored on it. In addition, this vulnerability may remain hidden, and you cannot even see which devices are affected.
This remains hidden, and you will not be able to check whether your device has been infected
At the moment it seems that this only affects Apple devices, although the author is also investigating a possible similar problem with Samsung devices in a vulnerability associated with them, CVE-2025-21043.
It is recommended that you update the application as well as your device's operating system to obtain the latest security updates. There is no other precaution to take, since if someone sends you the image there is nothing you can do to stop it.
