
- Hackers have been targeting WhatsApp users on iOS and Mac
- The threat actors abused a new bug which enabled zero-click attacks
- Meta apparently sent fewer than 200 cyberattack warning notifications

WhatsApp has patched a high-severity vulnerability in its iOS and Mac applications which was apparently used in zero-click attacks against a handful of high-profile individuals.
In a security advisory, the company said it fixed CVE-2025-55177, an “incomplete authorization of linked device synchronization messages in WhatsApp” bug which “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”
This bug was allegedly chained with a separate flaw, fixed earlier in August, tracked as CVE-2025-43300. These two were used “in a sophisticated attack against specific targeted users.”
Targeting high-profile individuals
The head of Amnesty International’s Security Lab, Donncha Ó Cearbhaill, said on X that an “advanced spyware campaign” has been active since the end of May 2025, targeting Apple users with a “zero-click” attack that requires no interaction from the victim, TechCrunch reported.
The same source posted a copy of the data breach notification letter WhatsApp sent to affected individuals, which said that their device and the data it contains (including messages) were most likely compromised.
At press time, no threat actor had claimed responsibility for this attack, and the researchers were not yet able to attribute it to anyone.
However, Meta spokesperson Margarita Franklin told TechCrunch the company had sent out “less than 200” notifications.
This could mean the attacks were highly targeted, possibly to maximize their efficiency and avoid drawing too much attention from the cybersecurity community.
Zero-click attacks are few and far between, and when they do pop up, they are usually abused by nation-states in espionage campaigns against politicians and diplomats, journalists, dissidents, government agents, military and defense personnel, and similar targets.
In late April 2025, researchers found that Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) carried numerous vulnerabilities that could have been abused to carry out remote code execution (RCE), man-in-the-middle (MitM), or denial-of-service (DoS) attacks. Some of these vulnerabilities could have been used in zero-click attacks, too.
Via TechCrunch