A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed.
The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data.
WhatsApp has since patched the vulnerability and has been sending threat notifications to individuals it believes were targeted by the advanced spyware campaign within the last 90 days. The company is urging affected users to take immediate action to secure their devices.
A Two-Pronged Attack
The attack exploited a chain of vulnerabilities to gain access to target devices. The initial entry point was through WhatsApp on iOS and macOS.
The WhatsApp Vulnerability (CVE-2025-55177): This vulnerability existed in the way WhatsApp handled linked device synchronization messages. According to a security advisory from WhatsApp, the flaw could allow an attacker to trigger the processing of content from an arbitrary URL on a target’s device.
Affected Versions:
- WhatsApp for iOS: Versions prior to v2.25.21.73
- WhatsApp Business for iOS: Versions prior to v2.25.21.78
- WhatsApp for Mac: Versions prior to v2.25.21.78
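The version thresholds above can be checked against a device inventory. The following is an added example, not code from WhatsApp or from this article; the inventory rows and device names are constructed, and the product labels are assumed to match the list above. It compares versions numerically, since a plain string comparison would wrongly rank 2.25.9.x above 2.25.21.x.

```python
# Added example: first fixed versions, taken from the "Affected Versions" list above.
FIXED = {
    "WhatsApp for iOS": (2, 25, 21, 73),
    "WhatsApp Business for iOS": (2, 25, 21, 78),
    "WhatsApp for Mac": (2, 25, 21, 78),
}

def parse_version(text):
    """Turn 'v2.25.21.73' into (2, 25, 21, 73); raise ValueError on anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, version):
    """Classify one install as vulnerable, patched, unknown or not-in-scope."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "not-in-scope"
    try:
        found = parse_version(version)
    except ValueError:
        return "unknown"  # needs a manual look rather than a silent pass
    # Pad to equal length so that 2.25.21 is compared as 2.25.21.0.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if found < fixed else "patched"

# Constructed inventory rows: (device, product, installed version).
INVENTORY = [
    ("phone-01", "WhatsApp for iOS", "2.25.21.73"),
    ("phone-02", "WhatsApp for iOS", "2.25.9.81"),
    ("phone-03", "WhatsApp Business for iOS", "v2.25.21.73"),
    ("mac-01", "WhatsApp for Mac", "2.25.21.78"),
    ("mac-02", "WhatsApp for Mac", "2.25.22.1"),
    ("phone-04", "WhatsApp for iOS", "beta"),
]

def audit(rows):
    """Map each device to its status."""
    return {device: status(product, version) for device, product, version in rows}

if __name__ == "__main__":
    for device, result in audit(INVENTORY).items():
        print(f"{device}: {result}")
```

A "patched" result covers only the WhatsApp side of the chain; the operating system fix for CVE-2025-43300 has to be verified separately.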
The Apple OS Vulnerability (CVE-2025-43300): This WhatsApp vulnerability was used in conjunction with a zero-day flaw within Apple’s iOS, iPadOS, and macOS. Tracked as CVE-2025-43300, this bug was an out-of-bounds write issue in the ImageIO framework.
Apple stated that processing a malicious image file could lead to memory corruption, and confirmed that the issue “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its catalog of known exploited threats.
WhatsApp’s Response
Internal researchers on the WhatsApp Security Team discovered the vulnerability. In response, the company has deployed a patch to prevent the attack from occurring through its platform.
Notifications sent to targeted users warned that a malicious message may have been used to compromise their device and the data it contains, including messages.
In a message to affected users, WhatsApp stated:
“We’ve made changes to prevent this specific attack from occurring through WhatsApp. However, your device’s operating system could remain compromised by the malware or be targeted in other ways.”
Due to the sophisticated nature of the spyware, WhatsApp is recommending that targeted individuals perform a full device factory reset.
The company also strongly urges all users to keep their devices updated to the latest version of their operating system and to ensure their WhatsApp application is up to date.
“Our investigation indicates that a malicious message may have been sent to you through WhatsApp and combined with other vulnerabilities in your device’s operating system to compromise your device and the data it contains, including messages.
While we don’t know with certainty that your device has been compromised, we wanted to let you know out of an abundance of caution so you can take steps to secure your device and information.”
Wider Implications
This incident is the latest example of mercenary spyware campaigns targeting high-profile individuals, including journalists and civil society members, through popular communication platforms. It highlights the growing risks associated with zero-day exploits and the importance of maintaining robust digital security practices.
For more updates on critical cybersecurity threats, visit The Security Bench.