GOOD MORNING: WhatsApp caught & fixed a sophisticated zero click attack...

They just published an advisory about it.

Say attackers combined the exploit with an Apple vulnerability to hack a specific group of targets (i.e. this wasn't pointed at everybody)

That's a CROSS-APP exploit chain. Which is fancy. We'll discuss in a second.

But wait, you say, haven't I heard of WhatsApp zero-click exploits not so long ago?

You have.

A big user base makes a platform a big target for exploit development.

Attacker's perspective = an exploit against a popular messenger gives you potential access to a lot of devices.

The regular tempo of large platforms catching sophisticated exploits is a good sign.

They're paying attention & devoting resources to a growing category: highly targeted, sophisticated attacks.

But it's also a reminder of the magnitude of the threat.

Here's the Apple CVE.

Somewhere, earlier this summer, some people in a room probably had a bad day when this clever cross-app chain stopped working.

The cross-app chain = probably also a sign of the increasing tech lift required to get to device compromise. Consequence of various mitigations.

The cost-to-compromise is only going up. Which is arguably a sign that the increasing scrutiny + efforts by platforms & OS developers are having an impact.

That said, the threat of this stuff is going nowhere because there's an infinite governmental appetite for compromise.

Still, I'd argue that increasing costs of zero-clicks has the effect of pricing out a bunch of potential actors which slows the proliferation of this tech to *some* bad actors.

WhatsApp Advisory: https://www.whatsapp.com/security/advisories/2025/

Apple Advisory: https://support.apple.com/en-us/124925


Discussion

Good morning ☀️

interesting read, keep up the good work

I don’t click on any rando links anymore