Highlights
WhatsApp Security Flaw Fixed
WhatsApp recently announced that it has resolved a critical security issue in its iOS and Mac applications, which was being exploited to breach Apple devices belonging to particular targeted users.
CVE-2025-55177 Vulnerability Addressed
In a security advisory, the Meta-owned messaging service confirmed that it has mitigated the vulnerability, officially registered as CVE-2025-55177. This flaw was exploited alongside another Apple vulnerability, CVE-2025-43300, which was rectified by the iPhone manufacturer last week. Apple characterised the exploit as part of a highly sophisticated attack aimed at specific individuals.
Targeted Attacks Through Linked Vulnerabilities
WhatsApp indicated that numerous users were targeted through these interconnected vulnerabilities. Donncha Ó Cearbhaill, the head of Amnesty International’s Security Lab, referred to the incident on X as an advanced spyware campaign that had persisted for 90 days. He elaborated that the attack employed a zero-click method, meaning that victims did not need to click any links or take any action for their devices to be compromised.
Malicious Exploit Capable of Stealing Data
The combination of these vulnerabilities permitted attackers to dispatch a malicious exploit via WhatsApp, which could steal sensitive information. A threat notification shared by Ó Cearbhaill disclosed that the exploit had the potential to compromise devices and the data they contain, including personal messages.
Previous Government-Grade Spyware Incidents
This is not the first incident in which the messaging service has fallen victim to government-grade spyware. In May, a U.S. court ordered Israeli firm NSO Group to pay WhatsApp $167 million in damages over a 2019 hacking effort that infected over 1,400 users’ devices with the company’s Pegasus spyware.
Earlier in the year, WhatsApp thwarted another spyware campaign targeting around 90 individuals, including journalists and civil society activists in Italy. The Italian government denied any involvement, and the spyware vendor Paragon later severed Italy’s access to its tools after the misuse was exposed.






