A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed.
The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data.
WhatsApp has since patched the vulnerability and has been sending threat notifications to individuals it believes were targeted by the advanced spyware campaign within the last 90 days. The company is urging affected users to take immediate action to secure their devices.
A Two-Pronged Attack
The attack exploited a chain of vulnerabilities to gain access to target devices. The initial entry point was through WhatsApp on iOS and macOS.
The WhatsApp Vulnerability (CVE-2025-55177): This vulnerability existed in the way WhatsApp handled linked device synchronization messages. According to a security advisory from WhatsApp, the flaw could allow an attacker to trigger the processing of content from an arbitrary URL on a target’s device. This affected WhatsApp for iOS versions before v2.25.21.73, WhatsApp Business for iOS before v2.25.21.78, and WhatsApp for Mac before v2.25.21.78.
The Apple OS Vulnerability (CVE-2025-43300): This WhatsApp vulnerability was used in conjunction with a zero-day flaw within Apple’s iOS, iPadOS, and macOS. Tracked as CVE-2025-43300, this bug was an out-of-bounds write issue in the ImageIO framework.
Apple stated that processing a malicious image file could lead to memory corruption, and confirmed that the issue “may have been exploited in an extremely sophisticated attack against specific targeted individuals”. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its catalog of known exploited threats.
WhatsApp’s Response
Internal researchers on the WhatsApp Security Team discovered the vulnerability. In response, the company has deployed a patch to prevent the attack from occurring through its platform.
Notifications sent to targeted users warned that a malicious message may have been used to compromise their device and the data it contains, including messages. In a message to affected users, the company stated, “We’ve made changes to prevent this specific attack from occurring through WhatsApp. However, your device’s operating system could remain compromised by the malware or be targeted in other ways.”
Due to the sophisticated nature of the spyware, WhatsApp is recommending that targeted individuals perform a full device factory reset. The company also strongly urges all users to keep their devices updated to the latest version of their operating system and to ensure their WhatsApp application is up to date.
This incident is the latest example of mercenary spyware campaigns targeting high-profile individuals, including journalists and civil society members, through popular communication platforms.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
Source link
