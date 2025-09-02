  • Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

WhatsApp fixes vulnerability used in zero-click attacks

erek

erek

[H]F Junkie
2FA
Joined
Dec 19, 2005
Messages
13,300
“The infection chain described in the security advisories from Apple and WhatsApp relies on two components: an Apple vulnerability (CVE-2025-43300) in the Image I/O framework and a WhatsApp vulnerability (CVE-2025-55177) that allowed the hijacking of devices by synchronizing messages.

Attackers exploited the Apple ImageIO bug via malicious image files, which is dangerous because this core library is used by multiple apps (not just WhatsApp) for opening and previewing pictures. In affected WhatsApp versions for iOS and Mac, the sync message bug could trigger arbitrary URL processing, creating a powerful combo for chaining exploits and compromising devices without any user action.

While Android users were mentioned among potential targets in advanced spyware campaigns reported by Amnesty, the most severe zero-click risk described applies only to Apple devices. For Android, the WhatsApp vulnerability may have exposed users to attacks, but not via the same chained infection vectors. As always, updating WhatsApp and enabling advanced security features (like Google Advanced Protection on Android) is highly recommended. So is using security protection on your devices.

If you’ve received one of the notifications from WhatsApp, we’d advise you to follow the instructions.”

Source: https://www.malwarebytes.com/blog/n...ixes-vulnerability-used-in-zero-click-attacks
 
You must log in or register to reply here.
Back
Top