WhatsApp has fixed a zeroday vulnerability in its iOS and MacOS apps that allowed malicious actors to spread spyware to specific users.
WhatsApp has patched a security bug in its iOS and Mac apps that malicious actors were exploiting to hack the Apple devices of certain users. The vulnerability was officially designated as CVE-2025-55177. It was reportedly a zero-click exploit used to spread spyware.
CVE-2025-55177
Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, shares in a post on X the notification received by affected users. He describes the attack as an “advanced spyware campaign”. The vulnerability was used to execute malicious code on a victim’s device by sending a manipulated image. Subsequently, the attacker could access the data on the device without requiring any interaction from the user.
According to WhatsApp, this attack targeted specific users. The messaging service told TechCrunch that it affected “fewer than two hundred” users. The flaw was reportedly discovered and patched “a few weeks ago”, according to Meta spokesperson Margarita Franklin.
read also
WhatsApp Secures Backups with Passkeys
WhatsApp has announced that the vulnerability has now been resolved in version v2.25.21.73 of the iOS app, version v2.25.21.78 of the WhatsApp Business app, and version v2.25.21.78 of the Mac app.