John Scott-Railton @jsrailton.bsky.social

NEW: WhatsApp caught & fixed a sophisticated zero-click attack... Now they've published an advisory about it. Say attackers combined the exploit with an Apple vulnerability to hack a specific group of targets (i.e. this wasn't pointed at everybody). Quick thoughts 1/

aug 30, 2025, 5:54 am • 64 27

John Scott-Railton @jsrailton.bsky.social

2/ Wait, you say, haven't I heard of WhatsApp zero-click exploits not so long ago? You have. A big user base makes a platform a big target for exploit development. Attacker's perspective = an exploit against a popular messenger gives you potential access to a lot of devices.

aug 30, 2025, 5:55 am • 14 2

John Scott-Railton @jsrailton.bsky.social

3/ The regular tempo of large platforms catching sophisticated exploits is a good sign. They're paying attention & devoting resources to a growing category: highly targeted, sophisticated attacks. But it's also a reminder of the magnitude of the threat out there... www.whatsapp.com/security/adv...

aug 30, 2025, 5:56 am • 15 1

John Scott-Railton @jsrailton.bsky.social

4/ Here's the Apple CVE. Somewhere, earlier this summer, some people in a room probably had a bad day when this clever cross-app chain stopped working. The cross-app chain = probably also a sign of the increasing tech lift required to get to device compromise. Consequence of various mitigations.

aug 30, 2025, 5:58 am • 12 1