WhatsApp warns of ‘attack against specific targeted users’ – The Register

Infosec In brief A flaw in Meta’s WhatsApp app “may have been exploited in a sophisticated attack against specific targeted users.” Meta made that alarming admission last week in a security advisory that disclosed CVE-2025-55177, which it described as allowing “Incomplete authorization of linked device synchronization messages in WhatsApp [which] could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.” The security team at Zuck’s messaging app also name-checked the zero-click vulnerability Apple patched last week – CVE-2025-43300 – because they feel their own CVE and Apple’s flaw “may have been exploited in a sophisticated attack against specific targeted users.” Donncha Ó Cearbhaill, the head of Amnesty International’s security lab, suggested attackers used the flaws in a highly specialized attack, which from past experience suggests that a commercial surveillanceware vendor is using it in highly targeted attacks against specific individuals. Surveillanceware is supposed to be used against state criminals but is also used against journalists, human rights campaigners, and anyone else certain governments don’t like. It looks like that $1 million bounty for a zero-click WhatsApp flaw might be worth the price. Microsoft calls time on lack of MFA for Azure
Read More