WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that is said to have been exploited in the wild, in conjunction with a recently disclosed Apple flaw, in zero-day attacks.
The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the WhatsApp Security Team have been credited with discovering and reporting the bug.
The Meta-owned company said the issue “may allow an unrelated user to trigger the processing of the material from an arbitrary URL on the target device.”
The flaw affects the following versions:
- WhatsApp for iOS before version 2.25.21.73
- WhatsApp Business for iOS version 2.25.21.78, and
- WhatsApp for Mac version 2.25.21.78
It was also assessed that the flaw can be chained with CVE-2025-43300, a vulnerability affecting iOS, iPadOS, and macOS, as part of a sophisticated attack against specific targeted users.
CVE-2025-43300 was disclosed by Apple last week as having been weaponized in “extremely sophisticated attacks against specific targeted persons”.
The vulnerability in question is an out-of-bounds write in the ImageIO framework, resulting in memory corruption when processing a malicious image.
Donncha Ó Cearbhaill, the head of the Security Lab at Amnesty International, said that WhatsApp has notified an unspecified number of individuals that it believes they were targeted by an advanced spyware campaign using CVE-2025-55177 in the last 90 days.
In an alert sent to the targeted individuals, WhatsApp has also recommended performing a full device factory reset and keeping the operating system and the WhatsApp app up-to-date for optimal security. It is currently not known who, or which spyware vendor, is behind the attacks.
Ó Cearbhaill described the pair of vulnerabilities as a “zero-click” attack, meaning that it does not require any user interaction, such as clicking on a link, to compromise a device.
“Initial indications are that the WhatsApp attack is impacting both iPhone and Android users, with individuals from civil society among them,” Ó Cearbhaill said. “Government spyware has continued to pose a threat to journalists and human rights defenders.”