WhatsApp Fixes Zero-Day Bug Exploited in Targeted Spyware Attacks

  • WhatsApp fixed a significant security vulnerability that could affect iOS and macOS users.
  • The flaw, CVE-2025-55177, may have been used in real-world attacks combined with a separate Apple vulnerability.
  • The vulnerability allowed unauthorized users to trigger the processing of content from any URL on a target’s device.
  • Impacted versions include WhatsApp for iOS before 2.25.21.73, WhatsApp Business for iOS version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78.
  • WhatsApp urged affected users to perform a full device reset and update their apps and operating systems.

WhatsApp has resolved a critical security issue impacting its messaging applications for Apple iOS and macOS. The company reported the vulnerability may have been actively exploited, in combination with a recent Apple software flaw, in attacks targeting specific users.

The vulnerability, tracked as CVE-2025-55177 with a severity score of 8.0 out of 10, involved insufficient authorization related to device synchronization messages. According to Meta, this security gap could permit an unrelated individual to make a target device process content from an arbitrary website address.

Meta listed affected software as WhatsApp for iOS versions before 2.25.21.73, WhatsApp Business for iOS version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78. The company identified the issue internally and noted the vulnerability may have been combined with another Apple flaw, CVE-2025-43300, in targeted attacks. Apple recently disclosed CVE-2025-43300 as an out-of-bounds write flaw in the ImageIO framework, which could cause memory corruption when a malicious image is processed.

Amnesty International’s Security Lab head, Donncha Ó Cearbhaill, stated that WhatsApp notified a number of users believed to have been targets of an advanced spyware campaign in the past three months utilizing this vulnerability. In its alert to those affected, WhatsApp recommended a full device factory reset and keeping both WhatsApp and the device operating system updated for optimal protection.

Ó Cearbhaill described the two weaknesses as a “zero-click” attack, meaning the victim’s device could be compromised without any action, such as clicking a link. He explained, “Early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them.” He added that government spyware remains a significant threat to journalists and human rights defenders.

It is currently unknown which group or company may be responsible for these attacks, and WhatsApp has not released any specific information about the perpetrators.
