WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks.
The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.
“Incomplete authorization of linked device synchronization messages in WhatsApp [..] might have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device,” WhatsApp said in a Friday security advisory.
“We assess that this vulnerability, together with an OS-level vulnerability on Apple platforms (CVE-2025-43300), might have been exploited in a sophisticated attack against specific targeted users.”
When Apple released emergency updates to patch the CVE-2025-43300 zero-day flaw earlier this month, it also stated that the flaw had been exploited in an “extremely sophisticated attack.”
While the two companies have yet to publish further information regarding the attacks, Donncha Ó Cearbhaill (the head of the Security Lab at Amnesty International) said that WhatsApp just warned some users that they were targeted in an advanced spyware campaign over the last 90 days.
“We have made changes to prevent this specific attack from occurring through WhatsApp. However, your device’s operating system might remain compromised by the malware or be targeted in other ways,” the alerts read.
In the threat notifications sent to potentially impacted individuals, WhatsApp advises them to perform a device factory reset and to keep their devices’ operating system and software up to date.
In March, WhatsApp patched another zero-day flaw, following reports from security researchers at the University of Toronto’s Citizen Lab, that was exploited to install Paragon’s Graphite spyware.
“WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users including journalists and members of civil society. We have reached out directly to people who we believe have been affected,” a WhatsApp spokesperson told BleepingComputer at the time.