WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch
techcrunch.com
A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.

WhatsApp has patched a critical zero-click vulnerability in its iOS and Mac apps that enabled sophisticated spyware attacks targeting specific users over the past three months. The flaw, tracked as CVE-2025-55177, was exploited in combination with an Apple operating system vulnerability to compromise devices and steal sensitive data including private messages.

Meta confirmed it detected and patched the vulnerability “a few weeks ago” and sent notifications to “less than 200” affected WhatsApp users. The company described the attacks as targeting “specific targeted users” through a zero-click exploit that required no interaction from victims to compromise their devices.

The vulnerability involved incomplete authorization of linked device synchronization messages in WhatsApp, allowing attackers to trigger processing of content from arbitrary URLs on targeted devices. Security researchers noted that the flaw was used in conjunction with Apple’s CVE-2025-43300, an ImageIO framework vulnerability that Apple patched on August 20.