WhatsApp Launches Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has fixed a security vulnerability in its iOS and macOS messaging apps that it says may have been exploited in the wild, in combination with a recently disclosed Apple vulnerability, in targeted zero-day attacks.

The vulnerability, CVE-2025-55177 (CVSS score: 8.0), stems from insufficient authorization of linked device synchronization messages. The flaw was identified and reported by internal researchers on the WhatsApp Security Team.

The problem, according to the firm owned by Meta, “could have enabled an unauthorized user to trigger analysis of content from an arbitrary URL on a target’s device.”

The flaw affects the following versions –

  • WhatsApp for iOS prior to version 2.25.21.73,
  • WhatsApp Business for iOS version 2.25.21.78, and
  • WhatsApp for Mac version 2.25.21.78.

It was also determined that the flaw might have been linked to CVE-2025-43300, a vulnerability that affects iOS, iPadOS, and macOS, as part of a complex attack against particular users.

Last week, Apple said that CVE-2025-43300 had been weaponized in an “extremely sophisticated attack against specific targeted individuals.”

CVE-2025-43300 is an out-of-bounds write vulnerability in the ImageIO framework that could cause memory corruption when a malicious image is processed.

According to Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, WhatsApp has alerted an undisclosed number of people they believe were the subject of a sophisticated spyware campaign exploiting CVE-2025-55177 throughout the last ninety days.

In the warning sent to the targeted users, WhatsApp advised performing a complete device factory reset and updating both the operating system and the WhatsApp app for maximum security. At this time, it is not known who, or which spyware vendor, is responsible for the attacks.

According to Ó Cearbhaill, the combination of the two vulnerabilities is referred to as a “zero-click” attack, since it can compromise a device without the user having to do anything like click a link.

“Early signs are that the WhatsApp attack is affecting both iPhone and Android users, civil society individuals among them,” Ó Cearbhaill stated. “Government spyware continues to pose a threat to journalists and human rights defenders.”

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.
