WhatsApp has patched a security flaw used in “zero-click” spyware attacks requiring no interaction from the user.
Tracked as CVE-2025-55177, the WhatsApp vulnerability was used in real-life attacks alongside an Apple flaw tracked as CVE-2025-43300 to plant spyware on iPhones and Mac devices.
The Apple flaw was fixed on Aug. 20 in the iOS 18.6.2 update, as well as in iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8 and macOS Ventura 13.7.8.
The Apple vulnerability is a bug in ImageIO, the framework that allows applications to read and write most image file formats; it could result in memory corruption if a user processes a malicious image.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the iPhone maker wrote on its support page.
WhatsApp Reveals Details About The Zero-Click Flaw
WhatsApp has revealed some limited details about the flaw, saying the attack would launch via a URL on the target’s Apple device. Since the flaw is described as zero-click, the user would not have needed to interact with the message sent via WhatsApp.
“Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device,” WhatsApp owner Meta said in an advisory. “We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users,” it added.
The flaw, which was caught by internal researchers on the WhatsApp security team, was used in a very targeted attack that hit fewer than 200 users, according to WhatsApp.
I have contacted WhatsApp for a comment and will update this article if the firm responds.
What The WhatsApp Flaw Means For You
The WhatsApp flaw is serious, because spyware means business. Once it is on your device, it can see and hear everything you do, including via encrypted apps. However, while spyware is dangerous, it is highly targeted and is used against dissidents, political figures, journalists and businesses operating in certain sectors.
If you are an average WhatsApp user, you don’t need to worry. But it’s still a good idea to check your WhatsApp version now, to ensure you are updated and safe from this attack.
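For anyone checking more than one device, the version check can be scripted. The following is an added example, not code from WhatsApp, Apple or this article: the thresholds are the versions quoted on this page, while the product labels, the inventory rows and the "unlisted" status for release branches the page does not name are assumptions.

```python
# Thresholds are the versions named in the article; labels and rows are constructed.
WHATSAPP_FIXED = {  # CVE-2025-55177: affected builds are those *prior to* these
    "WhatsApp for iOS": "2.25.21.73",
    "WhatsApp Business for iOS": "2.25.21.78",
    "WhatsApp for Mac": "2.25.21.78",
}
OS_FIXED = {  # CVE-2025-43300: fixed release per (OS, major branch)
    ("iOS", 18): "18.6.2",
    ("iPadOS", 17): "17.7.10",
    ("macOS", 15): "15.6.1",
    ("macOS", 14): "14.7.8",
    ("macOS", 13): "13.7.8",
}

def parse(version):
    """'v2.25.21.73' -> (2, 25, 21, 73), so parts compare as numbers, not text."""
    return tuple(int(part) for part in version.lstrip("vV").split("."))

def is_before(version, fixed):
    a, b = parse(version), parse(fixed)
    width = max(len(a), len(b))  # pad so 15.6 compares as 15.6.0
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def status(version, fixed):
    if fixed is None:
        return "unlisted"  # product or OS branch not named in the article
    return "vulnerable" if is_before(version, fixed) else "patched"

def whatsapp_status(product, version):
    return status(version, WHATSAPP_FIXED.get(product))

def os_status(os_name, version):
    return status(version, OS_FIXED.get((os_name, parse(version)[0])))

def audit(rows):
    """rows: (device, product, app_version, os_name, os_version) tuples."""
    return {dev: (whatsapp_status(prod, app_v), os_status(os_n, os_v))
            for dev, prod, app_v, os_n, os_v in rows}

INVENTORY = [  # constructed sample rows, e.g. from a device-management export
    ("phone-01", "WhatsApp for iOS", "2.25.21.9", "iOS", "18.6.1"),
    ("phone-02", "WhatsApp Business for iOS", "2.25.21.78", "iOS", "18.6.2"),
    ("mac-01", "WhatsApp for Mac", "2.25.20.80", "macOS", "14.7.10"),
    ("ipad-01", "WhatsApp for iOS", "2.25.21.73", "iPadOS", "17.7.9"),
]

if __name__ == "__main__":
    for device, result in audit(INVENTORY).items():
        print(device, *result)
```

Both fixes matter because the two flaws were used together, so a device is only clear when the app and the operating system each report "patched".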