WhatsApp has remedied a serious vulnerability that enabled attackers to attack devices without any action by those affected. Iphones and Macs were affected, on which the messenger app is installed.
The weak point, which is classified as CVE-2025-55177, concerns WhatsApp for iOS, WhatsApp Business for iOS and WhatsApp for Mac and was exploited for targeted spyware attacks. The security gap is based on an incomplete authorization of news synchronization. As a result, the attackers were able to make non -authorized users process the content of any URLs on the target devices. The weak point is particularly explosive through the combination with CVE-2025-43300, a security gap in Apple's image-framework that was patched last week.
The attack worked as a so-called Zero-Click-Exploit, in which no user interaction such as clicking on a link was necessary to compromise devices and to access data including messages. This type of attacks are particularly dangerous, since users have no way of protecting themselves through careful behavior.
The weak point made it possible to get attackers to get target devices to call up and process malignant content. In combination with the Apple weak point, the attackers were able to reach remote code designs on the affected devices. This chain of attack is characteristic of highly developed, targeted operations that are often associated with state -supported actors.
WhatsApp not only informed the affected users about the threat, but also recommended to reset their devices completely, since exploits may continue to be available on the devices. The patched versions are WhatsApp for iOS V2.25.21.73, WhatsApp Business for iOS V2.25.21.78 and WhatsApp for Mac V2.25.21.78.
This weak point is part of a series of security problems on WhatsApp, which are often exploited by government spyware. As early as 2019, WhatsApp was attacked by the Israeli NSO Group with the Pegasus spyware, which led to legal disputes. In 2021, security researchers also discovered several zero-day weak points in the application.