DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
Zhongrui Li, Yizhe Zhuang, Kira Chen
39th Chaos Communication Congress (39C3): Power Cycles · Day 1 · Saal Fuse
This talk, presented by Zhongrui Li ("Nun"), Yizhe Zhuang, and Kira Chen from DarkMatter, provides a comprehensive technical analysis of recent zero-click attack chains targeting WhatsApp on both iOS and Samsung devices. The presentation meticulously dissects how a critical vulnerability in Apple's **Image I/O** framework, specifically within its DNG decompression functions (CVE-2023-41064), was leveraged to compromise iOS devices via WhatsApp. Furthermore, the researchers detail their independent discovery of multiple previously unknown zero-day vulnerabilities in Samsung's proprietary image libraries, `libimagecodec_qrm.so`, which were also susceptible to DNG-based exploits.