WhatsApp has fixed a critical zero-day vulnerability, CVE-2025-55177, that may have been exploited in targeted spyware attacks. This security flaw, combined with an Apple OS vulnerability, underscores the threat of sophisticated cyber espionage campaigns targeting specific users. #WhatsApp #NSOGroup
Keypoints
- WhatsApp patched a zero-day vulnerability linked to device synchronization messages.
- The vulnerability could allow attackers to trigger content processing from arbitrary URLs.
- It may have been exploited alongside an Apple OS out-of-bounds write issue to conduct targeted attacks.
- These exploits are often used in spyware campaigns, like those from NSO Group and QuaDream.
- The threat involves highly dangerous, zero-interaction spyware that can access device data secretly.
Read More: https://www.infosecurity-magazine.com/news/whatsapp-patches-zeroday-zeroclick/