“`html
An intricate attack initiative has utilized a previously undisclosed zero-day vulnerability in WhatsApp on Apple devices to focus on particular users, as confirmed by the company.
The flaw, now recognized as CVE-2025-55177, was combined with another vulnerability in Apple’s operating systems to breach devices and obtain user information.
WhatsApp has since fixed the vulnerability and has been issuing threat alerts to individuals it suspects were targeted by the sophisticated spyware operation within the past 90 days. The firm is encouraging affected users to promptly secure their devices.
A Dual-Pronged Assault
The assault exploited a sequence of vulnerabilities to gain entry to target devices. The initial attack vector was through WhatsApp on iOS and macOS.
The WhatsApp Vulnerability (CVE-2025-55177): This flaw was present in how WhatsApp managed linked device synchronization messages. According to a security advisory from WhatsApp, the defect could permit an attacker to initiate the processing of content from a random URL on a target’s device.
This impacted WhatsApp for iOS versions before v2.25.21.73, WhatsApp Business for iOS before v2.25.21.78, and WhatsApp for Mac before v2.25.21.78.
| Product | Affected Versions |
|---|---|
| WhatsApp for iOS | Versions prior to v2.25.21.73 |
| WhatsApp Business for iOS | Versions prior to v2.25.21.78 |
| WhatsApp for Mac | Versions prior to v2.25.21.78 |
The Apple OS Vulnerability (CVE-2025-43300): This WhatsApp flaw was utilized alongside a zero-day defect within Apple’s iOS, iPadOS, and macOS. Identified as CVE-2025-43300, this bug was an out-of-bounds write concern in the ImageIO framework.
Apple reported that processing a harmful image file could induce memory corruption and confirmed that the problem “may have been exploited in a remarkably advanced attack against specific targeted individuals.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its catalog of recognized exploited threats.
WhatsApp’s Reaction
Internal researchers within the WhatsApp Security Team identified the flaw. In response, the company has released a patch to thwart the attack from taking place through its platform.
Notifications dispatched to targeted users cautioned that a harmful message may have been utilized to breach their device and the information it holds, including messages.
In a correspondence to affected users, the company declared, “We’ve implemented adjustments to prevent this specific attack from transpiring via WhatsApp. However, your device’s operating system could still be compromised by the malware or be targeted in various ways.”
Given the intricate nature of the spyware, WhatsApp advises targeted individuals to conduct a complete factory reset of their devices.
The company also strongly recommends that all users maintain their devices updated to the latest version of their operating system and to confirm that their WhatsApp application is current.
This incident exemplifies the latest strategies of mercenary spyware campaigns targeting prominent figures, including journalists and civil society advocates, via widely-used communication applications.
“`