Zero-Click Spyware Hits WhatsApp on iOS, macOS – eSecurity Planet


A newly disclosed zero-click vulnerability has been patched in WhatsApp for iOS and macOS, raising alarms about advanced spyware campaigns exploiting Apple devices.

The flaw, tracked as CVE-2025-55177, was discovered by WhatsApp’s internal security team and reportedly used in targeted attacks against civil society groups. In its advisory, WhatsApp stated the bug “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”

Inside CVE-2025-55177: How the attack works

CVE-2025-55177 is caused by insufficient authorization of linked device synchronization messages. When exploited, the bug can force a device to process malicious content from an attacker-controlled URL.

Researchers believe the flaw may have been chained with CVE-2025-43300, a recently disclosed Apple ImageIO out-of-bounds write vulnerability. This pairing enabled attackers to corrupt memory and compromise devices with no user interaction — a classic zero-click exploit.

The vulnerability highlights ongoing risks in the mobile ecosystem where even trusted applications can become vectors for advanced surveillance.

Affected versions include:

WhatsApp for iOS prior to 2.25.21.73 (patched Jul. 28, 2025)
WhatsApp Business