WhatsApp has fixed a serious security vulnerability in its iOS and macOS clients that was exploited in targeted zero-day attacks involving advanced spyware. This patch addresses a zero-click flaw (CVE-2025-55177) that, when combined with an Apple OS vulnerability (CVE-2025-43300), could have allowed attackers to compromise users' devices. #ZeroDay #Spyware
Key points
- WhatsApp revealed a zero-click vulnerability affecting iOS and macOS versions before certain updates.
- The flaw involved incomplete authorization in linked device synchronization, which risked the processing of content from an arbitrary URL.
- The exploit was linked to a broader Apple OS zero-day (CVE-2025-43300) used in targeted attacks.
- Targeted users received alerts recommending factory resets and software updates to mitigate risks.
- Previous similar exploits by spyware, such as Paragon's Graphite, have targeted journalists and civil society members.