Hackers Chained Apple and WhatsApp Flaws in 'Advanced Spyware Campaign'
A few days ago, Apple fixed a vulnerability on iOS and macOS that "may have been exploited in an extremely sophisticated attack against specific targeted individuals." Now, new details have emerged, and it appears that the hacking campaign also leveraged a now-fixed WhatsApp flaw to target its victims. In this article, we will delve into the details of this advanced spyware campaign and what you need to know to protect yourself.
The Attack Revealed
According to TechCrunch, Meta has confirmed that it fixed a WhatsApp flaw (CVE-2025-55177) that, when used in combination with the flaw that Apple recently fixed on iOS and macOS (CVE-2025-43300), could "allow an attacker to deliver a malicious exploit" and steal user data. The report came after Donncha Ó Cearbhaill, Head of Security Lab at Amnesty International posted on X about Meta contacting users who may have been targeted by the flaw.
WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an advanced spyware campaign in the past 90 days. These notifications warn that a malicious message may have been sent to you through WhatsApp, combined with other vulnerabilities in your device's operating system to compromise your device and the data it contains, including messages.
Protecting Yourself
While we don't know with certainty that your device has been compromised, WhatsApp urges users to take steps to secure their device and information. To do so, they recommend a full device factory reset, keeping your devices updated to the latest version of the operating system, and ensuring that your WhatsApp app is up to date.
As TechCrunch noted, it is currently unclear exactly who was behind the attack, or how many people were affected, beyond Meta's statement that it has sent "less than 200" notifications to potentially targeted individuals. However, with both Apple and Meta having issued fixes for these vulnerabilities, it may be a good idea to make sure that your devices and apps are up to date.
The Risks of Outdated Devices
Now that the details about the flaws have been made public, attacks looking to exploit outdated devices and apps are bound to increase. As a result, it is essential to prioritize device security and keep your devices and apps updated regularly.
In the meantime, users who receive threat notifications from WhatsApp should take immediate action to secure their devices. Remember, prevention is key in protecting yourself against advanced spyware campaigns like this one.
Stay Informed
If you have any questions or concerns about your device's security, we recommend seeking expert help. The Federal Trade Commission (FTC) also provides valuable resources and guidance on how to protect yourself from cyber threats.
At 9to5Mac, we will continue to monitor this situation and provide updates as more information becomes available. Stay informed, stay secure!