Plain Text Nostr

thread · root 5a3c62e0…a8dc · depth 1 · · selected 5a3c62e0…a8dc

+- jsr -- 239d ---------------------------------------------------------------------------------------------------[...]+
|                                                                                                                      |
| GOOD MORNING: WhatsApp caught & fixed a sophisticated zero click attack...                                           |
|                                                                                                                      |
| They just published an advisory about it.                                                                            |
|                                                                                                                      |
| Say attackers combined the exploit with an Apple vulnerability to hack a specific group of targets (i.e. this wasn't |
| pointed at everybody)                                                                                                |
|                                                                                                                      |
| https://blossom.primal.net/b39ccf0552138996a4f86c4ff97fd60d7610ce71fc30f309cc8040b7aab8cfff.png                      |
|                                                                                                                      |
| That's a CROSS-APP exploit chain. Which is fancy. We'll discuss in a second.                                         |
|                                                                                                                      |
| But wait, you say, haven't I heard of WhatsApp zero-click exploits not so long ago?                                  |
|                                                                                                                      |
| You have.                                                                                                            |
|                                                                                                                      |
| A big user base makes a platform a big target for exploit development.                                               |
|                                                                                                                      |
| Attacker's perspective = an exploit against a popular messenger gives you potential access to a lot of devices.      |
|                                                                                                                      |
| The regular tempo of large platforms catching sophisticated exploits is a good sign.                                 |
|                                                                                                                      |
| They're paying attention & devoting resources to a growing category: highly targeted, sophisticated attacks.         |
|                                                                                                                      |
| But it's also a reminder of the magnitude of the threat.                                                             |
| https://blossom.primal.net/bd2bae1825b7e29da59df2eaf0ac9bd5b3bec75ae8260e135dcdec3de45f8b11.png                      |
|                                                                                                                      |
| Here's the Apple CVE.                                                                                                |
|                                                                                                                      |
| Somewhere, earlier this summer, some people in a room probably had a bad day when this clever cross-app chain        |
| stopped working.                                                                                                     |
|                                                                                                                      |
| The cross-app chain = probably also a sign of the increasing tech lift required to get to device compromise.         |
| Consequence of various mitigations.                                                                                  |
|                                                                                                                      |
| The cost-to-compromise is only going up. Which is arguably a sign that the increasing scrutiny + efforts by          |
| platforms & OS developers are having an impact.                                                                      |
|                                                                                                                      |
| That said, the threat of this stuff is going nowhere because there's an infinite governmental appetite for           |
| compromise.                                                                                                          |
|                                                                                                                      |
| Still, I'd argue that increasing costs of zero-clicks has the effect of pricing out a bunch of potential actors      |
| which slows the proliferation of this tech to *some* bad actors.                                                     |
|                                                                                                                      |
| WhatsApp Advisory: https://www.whatsapp.com/security/advisories/2025/                                                |
|                                                                                                                      |
| Apple Advisory: https://support.apple.com/en-us/124925                                                               |
|                                                                                                                      |
+-- reply ---------------------------------------------------------------------------------------------- [4 replies] ---+
a1beb246d45f -- 239d [parent] 
|    Good morning ☀️
717ff238f888 -- 239d [parent] 
|    interesting read, keep up the good work
Dan⚡️ -- 239d [parent] 
|    https://i.imgur.com/dcqc32a.gif
79e14f1cd170 -- 239d [parent] 
     I don’t click on any rando links anymore