WhatsApp Patches Vulnerability Exploited in Zero-Day Attacks
Summary:
WhatsApp has addressed a critical "zero-click" security vulnerability (CVE-2025-55177) in its iOS and macOS clients. This flaw, which affects WhatsApp for iOS prior to version 2.25.21.73 and WhatsApp for Mac v2.25.21.78, allowed an attacker to remotely trigger the processing of content from an arbitrary URL on a target's device without any user interaction. The company believes this vulnerability, in combination with a separate zero-day flaw on Apple's operating system (CVE-2025-43300), was exploited in a highly sophisticated, targeted spyware campaign. WhatsApp has issued security alerts to affected users, advising them to perform a factory reset of their devices and to keep their software updated. This is not the first time the messaging platform has been targeted; in March, it patched another zero-day flaw that was used to install Paragon's Graphite spyware, which was noted for targeting journalists and members of civil society.
Security Officer Comments:
The discovery of a second zero-day vulnerability being exploited in a targeted attack on WhatsApp within a short timeframe highlights the ongoing and sophisticated nature of the mercenary spyware industry. The level of sophistication from this threat actor is further reinforced by the fact that this flaw was likely chained together with a high-severity Apple OS vulnerability. The combination of a WhatsApp-specific flaw with an OS-level vulnerability on Apple devices suggests that the attackers are highly resourceful and likely well-funded, possibly state-backed. The "zero-click" nature of the attack is particularly concerning as it bypasses the need for social engineering and leaves the user with no opportunity to detect the threat. WhatsApp's prompt action in patching the flaw and notifying affected users is a positive step, but the advisory to perform a factory reset underscores the severity of the potential compromise and the difficulty of removing such advanced malware.
Suggested Corrections:
This affected WhatsApp for iOS versions before v2.25.21.73, WhatsApp Business for iOS before v2.25.21.78, and WhatsApp for Mac before v2.25.21.78. WhatsApp has patched CVE-2025-55177 and encourages affected users to urgently upgrade to patched versions. WhatsApp has been sending threat notifications to individuals it believes were targeted by the advanced spyware campaign within the last 90 days.
Link(s):
https://www.bleepingcomputer.com/news/security/whatsapp-patches-vulnerability-exploited-in-zero-day-attacks/
https://www.whatsapp.com/security/advisories/2025/
WhatsApp has addressed a critical "zero-click" security vulnerability (CVE-2025-55177) in its iOS and macOS clients. This flaw, which affects WhatsApp for iOS prior to version 2.25.21.73 and WhatsApp for Mac v2.25.21.78, allowed an attacker to remotely trigger the processing of content from an arbitrary URL on a target's device without any user interaction. The company believes this vulnerability, in combination with a separate zero-day flaw on Apple's operating system (CVE-2025-43300), was exploited in a highly sophisticated, targeted spyware campaign. WhatsApp has issued security alerts to affected users, advising them to perform a factory reset of their devices and to keep their software updated. This is not the first time the messaging platform has been targeted; in March, it patched another zero-day flaw that was used to install Paragon's Graphite spyware, which was noted for targeting journalists and members of civil society.
Security Officer Comments:
The discovery of a second zero-day vulnerability being exploited in a targeted attack on WhatsApp within a short timeframe highlights the ongoing and sophisticated nature of the mercenary spyware industry. The level of sophistication from this threat actor is further reinforced by the fact that this flaw was likely chained together with a high-severity Apple OS vulnerability. The combination of a WhatsApp-specific flaw with an OS-level vulnerability on Apple devices suggests that the attackers are highly resourceful and likely well-funded, possibly state-backed. The "zero-click" nature of the attack is particularly concerning as it bypasses the need for social engineering and leaves the user with no opportunity to detect the threat. WhatsApp's prompt action in patching the flaw and notifying affected users is a positive step, but the advisory to perform a factory reset underscores the severity of the potential compromise and the difficulty of removing such advanced malware.
Suggested Corrections:
This affected WhatsApp for iOS versions before v2.25.21.73, WhatsApp Business for iOS before v2.25.21.78, and WhatsApp for Mac before v2.25.21.78. WhatsApp has patched CVE-2025-55177 and encourages affected users to urgently upgrade to patched versions. WhatsApp has been sending threat notifications to individuals it believes were targeted by the advanced spyware campaign within the last 90 days.
Link(s):
https://www.bleepingcomputer.com/news/security/whatsapp-patches-vulnerability-exploited-in-zero-day-attacks/
https://www.whatsapp.com/security/advisories/2025/