94
Heads up, WhatsApp customers. A severe zero-day vulnerability existed in WhatsApp that was already exploited within the wild earlier than a repair. As confirmed, this vulnerability particularly affected WhatsApp purchasers for Apple units (iOS and macOS). Since a patch has been launched, customers should be certain that they replace their units with the newest releases to keep away from potential threats.
WhatsApp Zero-Day Vulnerability Exploited In opposition to Apple Gadgets
In line with a current advisory, a significant zero-day vulnerability in WhatsApp threatened the safety of Apple customers.
Recognized as CVE-2025-55177, this vulnerability existed attributable to “incomplete authorization of linked system synchronization messages” in WhatsApp purchasers for Apple units. Exploiting this vulnerability might enable an adversary to set off content material processing on a goal consumer’s system. As described,
Incomplete authorization of linked system synchronization messages in WhatsApp for iOS previous to v2.25.21.73, WhatsApp Enterprise for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 might have allowed an unrelated consumer to set off processing of content material from an arbitrary URL on a goal’s system.
This vulnerability obtained a medium severity ranking and a CVSS rating of 5.4. Whereas these metrics make this vulnerability much less extreme, it’s truly crucial for customers’ safety given its lively exploitation. WhatsApp additionally confirmed that the menace actors are exploiting this vulnerability by chaining it with one other identified flaw in Apple techniques.
We assess that this vulnerability, together with an OS-level vulnerability on Apple platforms (CVE-2025-43300), might have been exploited in a classy assault towards particular focused customers.
The opposite vulnerability, CVE-2025-43300, made it to the information final month (August 2025), when Apple launched patches for it. Apple outlined this safety flaw as an out-of-bounds (OOB) write problem arising from malicious picture file processing, resulting in reminiscence corruption.
Apple patched this vulnerability by enhancing bounds examine. It launched the patch with iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8, making certain to deal with this vulnerability for many of its clients utilizing varied Apple units.
In addition to rolling out the patch, the tech big additionally confirmed that it had detected its lively exploitation in refined assaults.
Whereas the precise nature of these assaults remained unclear at the moment, it now seems that the vulnerability was seemingly chained to the WhatsApp flaw (CVE-2025-55177) for focused adware campaigns.
WhatsApp Notified Customers Probably Affected By The Flaw
In line with the pinnacle of Amnesty Worldwide’s Safety Lab, Donncha Ó Cearbhaill, WhatsApp has notified its customers about this menace. Extra particularly, it despatched these notifications to the precise customers seemingly affected by this menace. In line with the pictures shared in his X publish, the notification reads,
Our investigation signifies {that a} malicious message might have been despatched to you thru WhatsApp and mixed with different vulnerabilities in your system’s working system to compromise your system and the info it accommodates, together with messages.
Whereas we don’t know with certainty that your system has been compromised, we needed to let you recognize out of an abundance of warning so you’ll be able to take steps to safe your system and knowledge.
In his X publish, Donncha Ó Cearbhaill described this problem as a zero-click exploit. Therefore, exploiting the flaw doesn’t require consumer interplay, indicating the stealthiness of the menace.
Whereas WhatsApp confirmed patching the vulnerability, it additionally warned customers of a continued system compromise in case they’ve already been impacted by the malware. Therefore, WhatsApp urged customers to carry out a full system manufacturing unit reset.
For now, it stays unclear as to what particular malware or adware marketing campaign exploited these flaws. Nonetheless, WhatsApp vulnerabilities have lengthy been a possible assault vector for focused adware campaigns, comparable to NSO’s Pegasus, as they supply a sneaky technique to infiltrate the largely safe Apple units.
Tell us your ideas within the feedback.
Get actual time replace about this publish class instantly in your system, subscribe now.
