# WhatsApp Fixes 'Zero-Click' Bug Used to Hack Apple Users with Spyware

In a recent security update, WhatsApp has fixed a critical vulnerability in its iOS and Mac apps that was being exploited by hackers to gain unauthorized access to the devices of specific targeted users. The bug, officially known as CVE-2025-55177, is part of a larger security issue that also affects iOS and Macs, tracked as CVE-2025-43300.

According to Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, the vulnerability was used in an "advanced spyware campaign" targeting users over the past 90 days, or since the end of May. The attack is considered a "zero-click" attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.

The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that's capable of stealing data from the user's Apple device. Per Ó Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to "compromise your device and the data it contains, including messages."

This is not the first time that WhatsApp users have been targeted by government spyware. In May, a U.S. court ordered spyware maker NSO Group to pay WhatsApp $167 million in damages for a 2019 hacking campaign that broke into the devices of more than 1,400 WhatsApp users with an exploit capable of planting NSO's Pegasus spyware.

Earlier this year, WhatsApp disrupted a spyware campaign that targeted around 90 users, including journalists and members of civil society across Italy. The Italian government denied its involvement in the spying campaign. Paragon, whose spyware was used in the campaign, later cut off Italy from its hacking tools for failing to investigate the abuse.

The recent vulnerability is just another example of the ongoing threat posed by government-backed spyware campaigns. As the use of advanced technology continues to evolve, it's essential for messaging apps like WhatsApp to prioritize security and protect their users from these types of attacks.

### What You Can Do

If you received a notification that your device was compromised, it's essential to take action immediately. Here are some steps you can follow:

* Check your device's logs for any suspicious activity * Update your operating system and apps to the latest version * Use a reputable antivirus software to scan your device for malware * Consider resetting your device to its factory settings

If you believe you have been targeted by this vulnerability, get in touch with us securely via Signal.

### Stay Safe Online

In today's digital age, cybersecurity is more important than ever. By staying informed and taking the necessary precautions, we can all do our part to protect ourselves from threats like this.

### Get Involved

Stay up-to-date with the latest security news and trends by following us on social media or signing up for our newsletter.