WhatsApp addressed a zero-day vulnerability (CVE-2025-55177) that could have been exploited for targeted attacks, especially when combined with an Apple OS-level vulnerability (CVE-2025-43300). The flaw involved incomplete device authorization and could allow malicious URLs to be processed on targeted devices, potentially leading to sophisticated attacks. #WhatsApp #CVE2025-55177 #AppleVulnerabilities #NSOGroup #Pegasus
Keypoints
- WhatsApp patched a zero-day vulnerability that could be exploited for targeted attacks.
- The vulnerability involved incomplete synchronization device authorization (CVE-2025-55177).
- When combined with an Apple OS vulnerability, attackers could launch sophisticated exploits.
- Apple had previously patched a related out-of-bounds write vulnerability (CVE-2025-43300).
- Past incidents include NSO Groupβs Pegasus spyware and targeted attacks on WhatsApp users.
Read More: https://therecord.media/whatsapp-apple-zero-day-targeted-attacks