Urgent: WhatsApp Patches Critical Zero-Click Exploit Targeting iOS and macOS


WhatsApp has issued an emergency security update for its messaging applications on Apple iOS and macOS. The update addresses a critical “zero-click” vulnerability, CVE-2025-55177, which may have been actively exploited in the wild as part of sophisticated, targeted attacks.

This severe flaw, discovered by WhatsApp’s internal security team, stems from insufficient authorization in linked device synchronization messages. It could allow an attacker to force a target’s device to process content from an arbitrary URL without any user interaction. The vulnerability impacts WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78.

Security researchers believe CVE-2025-55177 may have been chained with a recently disclosed Apple vulnerability, CVE-2025-43300, an out-of-bounds write in the ImageIO framework affecting iOS, iPadOS, and macOS. This combined attack has been described as an “extremely sophisticated attack against specific targeted individuals,” including civil society members, journalists, and human rights defenders.

WhatsApp has begun notifying an unspecified number of individuals believed to have been targeted by this advanced spyware campaign within the past 90 days. All users are strongly urged to update their WhatsApp application and operating system to the latest versions immediately for optimal protection. For those who suspect they may have been targeted, a full device factory reset is also recommended. The identity of the attackers behind these campaigns remains under investigation.
