  • WhatsApp patches vulnerability exploited in zero-day attacks


    Karlston

    • 533 views
    • 2 minutes

    WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks.

     

    The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.

     

    "Incomplete authorization of linked device synchronization messages in WhatsApp [..] could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device," WhatsApp said in a Friday security advisory.

     

    "We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."

     

    When Apple released emergency updates to patch the CVE-2025-43300 zero-day flaw earlier this month, it also stated that the flaw had been exploited in an "extremely sophisticated attack."

     

    While the two companies are yet to publish further information regarding the attacks, Donncha Ó Cearbhaill (the head of the Security Lab at Amnesty International) said that WhatsApp just warned some users that they've been targeted in an advanced spyware campaign over the last 90 days.

     

    "We've made changes to prevent this specific attack from occurring through WhatsApp. However, your device's operating system could remain compromised by the malware or be targeted in other ways," the alerts read.

     

    In the threat notifications sent to potentially impacted individuals, WhatsApp advises them to perform a device factory reset and to keep their devices' operating system and software up to date.

     

    In March, WhatsApp patched another zero-day flaw—following reports from security researchers at the University of Toronto's Citizen Lab—that was exploited to install Paragon's Graphite spyware.

     

    "WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users including journalists and members of civil society. We've reached out directly to people who we believe were affected," a WhatsApp spokesperson told BleepingComputer at the time.

     

    Source


    Hope you enjoyed this news post. Feedback welcome.

    Posted Saturday 30 August 2025 at 3:07 am AEST (my time).

    News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of July): 3,458

    RIP Matrix

