WhatsApp Fixes 'Zero-Click' Bug Used to Hack Apple Users With Spyware
In a significant security update, WhatsApp has announced that it has fixed a critical vulnerability in its iOS and Mac apps that was being exploited by hackers to target specific Apple users with malicious spyware.
The vulnerability, officially known as CVE-2025-55177, was used in conjunction with another flaw found in iOS and Macs, which Apple patched last week and tracks as CVE-2025-43300. The combined attack allowed attackers to deliver a malicious exploit through WhatsApp that could steal data from the user's Apple device.
According to Donncha O Cearbhaill, who heads Amnesty International's Security Lab, the attack constitutes an "advanced spyware campaign" that has targeted WhatsApp users over the past 90 days, or since the end of May. The attack is classified as a "zero-click" exploit, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.
O Cearbhaill described the pair of bugs as a chained attack that allows an attacker to deliver a malicious exploit through WhatsApp capable of stealing data from the user's Apple device. He noted that the attack was able to "compromise your device and the data it contains, including messages."
The Attack: What We Know
It is not yet clear who or which spyware vendor is behind the attacks. However, WhatsApp has confirmed that it detected and patched the flaw "a few weeks ago." The company sent notifications to fewer than 200 affected WhatsApp users.
When asked if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor, a Meta spokesperson declined to comment.
A Warning to Apple Users
The discovery of this vulnerability serves as a reminder to all Apple users to remain vigilant when using messaging apps like WhatsApp. As O Cearbhaill emphasized, "The use of zero-click exploits highlights the urgent need for increased awareness and action from tech companies and users alike."
Users are advised to keep their devices and apps up to date, use strong passwords, and be cautious when opening links or attachments from unknown sources. By taking these precautions, users can reduce their risk of falling victim to malicious attacks like the one WhatsApp recently addressed.