A "zero-click" attack is a type of cyber attack in which attackers exploit security vulnerabilities in software to infect malware or perform other malicious acts on the victim's device without the victim having to do any actions, such as clicking on a link, opening an attachment file or installing an application.
Meanwhile, security experts have just discovered a rare vulnerability in WhatsApp, allowing hackers to access the iPhone without requiring users to perform any operations.
In the face of this threat, users are advised to update their iOS apps and operating systems, and in some cases, restore their devices to their root settings.
The study found that the attack simultaneously exploited two security errors, one in WhatsApp and one in Apple software.
When combined, they allow hackers to access their iPhone or Mac, thereby stealing sensitive messages and data.
The worrying thing is that the victim does not need to click on a strange link or open a suspicious message, but just receives a hidden message that can be attacked.
Meta ( WhatsApp's parent company) confirmed the incident and said that less than 200 people were affected, mainly journalists, activists or public figures who are often exposed to cybersecurity risks.
For this group, in addition to updating the app, Meta recommends deleting all data and restoring the device to its original state, then reinstalling iOS and WhatsApp with the latest patch.
This is a measure to ensure that spyware no longer exists on the device.
Apple has also released an emergency update to fix a vulnerability in its image processing system.
Experts emphasize that even when the possibility of common users being targeted is very low, maintaining regular software and application updates is still the most effective way to prevent risks.
iPhone users are currently recommended:
- Check and install the latest WhatsApp update on the App Store.
- Upgrade the iOS operating system with security patches.
- If you receive a direct warning from WhatsApp, follow the instructions to restore the original settings.
Experts emphasize that no platform is absolutely safe. Being vigilant, regularly updating and proactively securing personal data will help reduce the risk of falling victim to sophisticated attacks.
