WhatsApp Just Patched a 'Zero Click' Bug Being Used to Hack Apple Users
On Friday, WhatsApp announced that it had patched a software vulnerability that was being used by unknown hackers to target specific users of Apple products and hack them with spyware. The messaging app, which is owned by Meta, said in an advisory that the previously unknown bug "may have been exploited in a sophisticated attack against specific targeted users." The vulnerability is officially dubbed CVE-2025-55177.
TechCrunch notes that this week, WhatsApp fixed the bug while last week, Apple fixed another bug, known as CVE-2025-43300. Together, these vulnerabilities appear to have been the weak spots that allowed malicious spyware attacks targeting specific Apple users, intended to steal data from their devices.
Apple describes its bug as such: "Processing a malicious image file may result in memory corruption." Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
A Growing Concern for Zero-Click Attacks
Zero-click attacks have become increasingly common and are frightening because, just as the name would suggest, they don’t require any active phishing to penetrate into the inner contents of a person’s mobile OS. Often, all a bad actor needs to do is send a malicious file (often an image), which can take over the phone by itself.
Over the last several years, malware capable of zero-click attacks has been targeted at journalists, activists, and government officialsâmuch of it originating from companies based in Israel. The threat posed by these types of attacks is becoming increasingly clear, with major tech companies like Google and Apple now taking steps to patch vulnerabilities before they can be exploited.
WhatsApp Notifies Impacted Users
WhatsApp told TechCrunch that it had notified “less than 200 users” that they may have been impacted by the campaign. Donncha à Cearbhaill, head of Amnesty International’s Security Lab, said that the notifications had been sent out over the past 90 days.
"Our team at Amnesty International’s Security Lab is actively investigating cases with a number of individuals targeted in this campaign," Cearbhaill said on X. “We are available to support members of civil society who have received the WhatsApp notifications.”
A Growing Need for Vigilance
The incident highlights the growing need for vigilance when it comes to online security. As technology continues to advance, so too do the threats that come with it. The fact that a zero-click bug was able to be exploited in such a sophisticated way serves as a stark reminder of the importance of staying informed and taking steps to protect oneself.
As our digital lives become increasingly intertwined with our personal safety, it’s essential that we remain vigilant and proactive in protecting ourselves from threats like this. By staying up-to-date on the latest security patches and being cautious when interacting with unfamiliar files or links, we can significantly reduce the risk of falling victim to these types of attacks.