Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a comprehensive technical analysis of sophisticated zero-click exploits targeting WhatsApp on iOS and Samsung devices in this 53-minute conference presentation from 39C3. Examine the in-depth deconstruction of a critical exploit chain that allowed attackers to remotely compromise devices using only a phone number, without any user interaction. Learn how researchers analyzed and reproduced the attack methodology that chained two core vulnerabilities: CVE-2025-55177 in WhatsApp's message handling logic for linked devices, and CVE-2025-43300 in iOS image parsing libraries. Discover the technical details of how attackers exploited insufficient validation in WhatsApp's protocol message handling to force targets to load malicious web content containing crafted DNG images. Follow the step-by-step process of vulnerability chaining that enabled simultaneous crashes across iPhones, iPads, and Macs. Investigate the related Samsung device vulnerabilities, including CVE-2025-21043, and understand how this research led to the discovery of additional previously unknown zero-day vulnerabilities. Gain insights into the sophisticated attack vectors used in real-world spyware campaigns and the technical methodologies employed by security researchers to reverse-engineer and understand these complex exploit chains.
