IEEE conference paper · MCS · UNSTPB 2026

Zero-click exploit: the 2025 WhatsApp-ImageIO chain

Write-Primitive Exploits in Production: From Zero-Click iOS Chains to Linux Kernel Root, 2016-2026

Ștefan-Daniel Wagner · Dan-Gabriel Oltean · Victor-Nicolae Matveev · Coordinator: conf. univ. dr. Emil Simion, FSA · emil.simion@upb.ro

Zero-click exploits, attacks that compromise a device without any user interaction, represent the most asymmetric threat in mobile security. This paper analyzes the 2025 WhatsApp-ImageIO zero-click exploit chain, which combined a WhatsApp linked-device authorization bypass (CVE-2025-55177, CWE-863) with a heap out-of-bounds write in Apple's ImageIO framework (CVE-2025-43300, CWE-787) to achieve remote code execution on iOS devices, targeting approximately 200 journalists and civil-society figures over 90 days. We reconstruct the chain from public primary sources and use the Exploit Education Phoenix heap-two exercise as a pedagogical bridge to demonstrate that the core exploitation primitive is identical at the textbook and production levels. We recommend incremental rewriting of high-exposure C/C++ parsers in memory-safe languages and deployment of hardware memory tagging as structural countermeasures.

Citation

IEEE-format BibTeX entry:

@inproceedings{wagner2026zeroclick,
  title     = {Zero-click exploit: the 2025 WhatsApp-ImageIO chain},
  subtitle  = {Write-Primitive Exploits in Production: From Zero-Click iOS Chains to Linux Kernel Root, 2016-2026},
  author    = {Wagner, {\c S}tefan-Daniel and Oltean, Dan-Gabriel and Matveev, Victor-Nicolae},
  booktitle = {Master's Research, Metodologia Cercet\u{a}rii {\c S}tiin{\c t}ifice},
  school    = {Universitatea Na{\c t}ional\u{a} de {\c S}tiin{\c t}\u{a} {\c s}i Tehnologie POLITEHNICA Bucure{\c s}ti},
  year      = {2026},
  note      = {Coordinator: conf. univ. dr. Emil Simion, FSA, emil.simion@upb.ro}
}