WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Posted on By CWS

Aug 30, 2025Ravie LakshmananZero-Day / Vulnerability

WhatsApp has addressed a safety vulnerability in its messaging apps for Apple iOS and macOS that it stated might have been exploited within the wild together with a lately disclosed Apple flaw in focused zero-day assaults.
The vulnerability, CVE-2025-55177 (CVSS rating: 8.0), pertains to a case of inadequate authorization of linked gadget synchronization messages. Inside researchers on the WhatsApp Safety Staff have been credited with discovering and rerating the bug.

The Meta-owned firm stated the problem “might have allowed an unrelated person to set off processing of content material from an arbitrary URL on a goal’s gadget.”

The flaw impacts the next variations –

WhatsApp for iOS previous to model 2.25.21.73
WhatsApp Enterprise for iOS model 2.25.21.78, and
WhatsApp for Mac model 2.25.21.78

It additionally assessed that the shortcoming might have been chained with CVE-2025-43300, a vulnerability affecting iOS, iPadOS, and macOS, as a part of a classy assault towards particular focused customers.
CVE-2025-43300 was disclosed by Apple final week as having been weaponized in an “extraordinarily subtle assault towards particular focused people.”
The vulnerability in query is an out-of-bounds write vulnerability within the ImageIO framework that might lead to reminiscence corruption when processing a malicious picture.
Donncha Ó Cearbhaill, head of the Safety Lab at Amnesty Worldwide, stated WhatsApp has notified an unspecified variety of people that they consider had been focused by a complicated spy ware marketing campaign prior to now 90 days utilizing CVE-2025-55177.
Within the alert despatched to the focused people, WhatsApp has additionally beneficial performing a full gadget manufacturing facility reset and maintaining their working system and the WhatsApp app up-to-date for optimum safety. It is presently not recognized who, or which spy ware vendor, is behind the assaults.

Ó Cearbhaill described the pair of vulnerabilities as a “zero-click” assault, that means it doesn’t require any person interplay, similar to clicking a hyperlink, to compromise their gadget.
“Early indications are that the WhatsApp assault is impacting each iPhone and Android customers, civil society people amongst them,” Ó Cearbhaill stated. “Authorities spy ware continues to pose a menace to journalists and human rights defenders.”

The Hacker News Tags:, , , , , , , , ,

Related Posts

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat The Hacker News
New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs The Hacker News
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch The Hacker News
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign The Hacker News
Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep The Hacker News
U.S. Sanctions Garantex and Grinex Over 0M in Ransomware-Linked Illicit Crypto Transactions U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions The Hacker News