WhatsApp 0-day exploited in attacks against targeted iOS and macOS users


WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The flaw was used to steal data. Update your application now to stay protected.

WhatsApp revealed that it had patched a serious security vulnerability in its applications for Apple devices that was used to secretly compromise the iPhones and Macs of “specific targeted users”.

The bug, identified as CVE-2025-55177, was discovered by WhatsApp's internal security team. The company explained in its official advisory that the flaw was part of a sophisticated attack chain that linked two distinct vulnerabilities. This is a zero-click attack method, which does not require the victim to click a link, open a file or take any other action for their device to be compromised.

The flaw itself was a case of “incomplete authorization of the synchronization messages of the linked devices”, the advisory explains. This allowed an unrelated user to force the device to process content from a malicious web address.

When combined with a separate Apple flaw, CVE-2025-43300 (which Apple had already patched), in the way it handles images, this attack chain could be used to install a malicious program and steal data without any user interaction. The flaw affects WhatsApp for iOS before version 2.25.21.73, WhatsApp Business for iOS before version 2.25.21.78 and WhatsApp for Mac before version 2.25.21.78. WhatsApp confirmed that it had sent notifications to “less than 200” users who, according to the company, had been affected.

According to a statement from Qatar's National Cybersecurity Agency (NCSA), the severity of this flaw lies in its mechanism for processing synchronization messages between linked devices, which could give an attacker initial access to a victim's device.

Amnesty International’s Security Lab, led by Donncha Ó Cearbhaill, described the pair of bugs as an “advanced spy software campaign” which targeted users in the last 90 days, or since the end of May, and was able to steal data from a user’s device, including messages. In a post on X, Ó Cearbhaill also shared advice, urging people to update their devices or perform a factory reset.


Although it is not yet clear who is behind this latest attack, it is not the first time that WhatsApp users have been targeted by advanced spyware. In 2019, the messaging application sued the spyware maker NSO Group over a hacking campaign that compromised more than 1,400 users with its Pegasus spyware. An American court later ordered the company to pay WhatsApp 167 million dollars in damages.

This new incident shows the continuing threat of government spyware and malware. It also underlines why users should always keep their applications and operating systems updated, as these updates often contain critical security fixes that protect against such sophisticated attacks.


