WhatsApp fixes zero-click vulnerability in iOS and macOS which was used in targeted s

[harlan4096]

WhatsApp has fixed a security flaw in its app for iOS and macOS. A zero-click exploit had been used by hackers to target users in spyware attacks.

Last week, Apple released iOS 16.8.2, iPadOS 16.8.2, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8 and macOS Ventura 13.7.8 updates to fix a zero-day threat.

This was referred to as CVE-2025-43300, and the Cupertino company acknowledged that the exploit may have been used by hackers in an extremely sophisticated attack against specific targeted individuals.

Apple did not provide details about the attack, but WhatsApp says that attackers exploited this OS-level security flaw, along with a vulnerability in its own app to attack some users. The vulnerability, which has now been fixed by WhatsApp, has been tracked as CVE-2025-55177. Its description says that an incomplete authorization of linked device synchronization messages in WhatsApp could have allowed attackers to trigger processing of content from an arbitrary URL on a target’s device. Since it was a zero-click attack, it did not require any action from a user, such as clicking on a link. The attackers exploited both security flaws to compromise the victim's device, and steal data from it, including messages

Continue Reading...