WhatsApp Fixes 'Zero-Click' Bug Used To Hack Apple Users With Spyware

In a major security update, WhatsApp has announced that it has fixed a critical bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of "specific targeted users". The Meta-owned messaging app giant revealed in its security advisory that it had patched the vulnerability, known officially as CVE-2025-55177, which was being exploited alongside a separate flaw found in iOS and Macs, tracked as CVE-2025-43300.

Apple had previously acknowledged the existence of this pair of bugs, describing one of them as an "extremely sophisticated attack against specific targeted individuals". Now it appears that dozens of WhatsApp users were targeted with these two vulnerabilities, which are known as a "zero-click" attack. This type of attack does not require any interaction from the victim, such as clicking a link or opening an attachment, to compromise their device.

"This is an advanced spyware campaign that has targeted users over the past 90 days, or since the end of May," said Donncha O Cearbhaill, who heads Amnesty International's Security Lab. "The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that's capable of stealing data from the user's Apple device." According to O Cearbhaill, the attack was able to "compromise your device and the data it contains, including messages."

It is not immediately clear who or which spyware vendor is behind these attacks. When reached by TechCrunch, a Meta spokesperson confirmed that the company had detected and patched the flaw "a few weeks ago" and sent less than 200 notifications to affected WhatsApp users.

"We can confirm that we have taken steps to address this issue and prevent similar incidents in the future," said the spokesperson. However, when asked if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor, the spokesperson did not provide any further information.

The news has sent shockwaves through the cybersecurity community, with many experts expressing concern about the potential for widespread exploitation of this vulnerability. As the threat landscape continues to evolve, it is essential for individuals and organizations to remain vigilant and take proactive steps to protect themselves against emerging threats.