WhatsApp has patched a safety vulnerability in its iOS and macOS messaging purchasers that was exploited in focused zero-day assaults.
The corporate says this zero-click flaw (tracked as CVE-2025-55177) impacts WhatsApp for iOS previous to model 2.25.21.73, WhatsApp Enterprise for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.
“Incomplete authorization of linked system synchronization messages in WhatsApp [..] might have allowed an unrelated person to set off processing of content material from an arbitrary URL on a goal’s system,” WhatsApp stated in a Friday safety advisory.
“We assess that this vulnerability, together with an OS-level vulnerability on Apple platforms (CVE-2025-43300), might have been exploited in a classy assault towards particular focused customers.”
When Apple launched emergency updates to patch the CVE-2025-43300 zero-day flaw earlier this month, it additionally said that the flaw had been exploited in an “extraordinarily refined assault.”
Whereas the 2 firms are but to publish additional info concerning the assaults, Donncha Ó Cearbhaill (the top of the Safety Lab at Amnesty Worldwide) stated that WhatsApp simply warned some customers that they have been focused in a complicated spy ware marketing campaign over the past 90 days.
“We have made modifications to forestall this particular assault from occurring by means of WhatsApp. Nevertheless, your system’s working system might stay compromised by the malware or be focused in different methods,” the alerts learn.
Within the menace notifications despatched to doubtlessly impacted people, WhatsApp advises them to carry out a tool manufacturing unit reset and to maintain their units’ working system and software program updated.
In March, WhatsApp patched one other zero-day flaw—following reviews from safety researchers on the College of Toronto’s Citizen Lab—that was exploited to put in Paragon’s Graphite spy ware.
“WhatsApp has disrupted a spy ware marketing campaign by Paragon that focused a lot of customers together with journalists and members of civil society. We have reached out on to individuals who we consider have been affected,” a WhatsApp spokesperson advised BleepingComputer on the time.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
