WhatsApp has confirmed that it has patched a critical security vulnerability in its iOS and Mac applications that was actively exploited to compromise Apple devices belonging to specifically targeted users.
In a security advisory, the Meta-owned platform stated that the flaw, identified as CVE-2025-55177, was used in conjunction with an Apple vulnerability (CVE-2025-43300) that the iPhone maker recently addressed. Apple described the attack as “extremely sophisticated,” affecting a limited group of high-profile individuals.
According to WhatsApp, the exploit chain enabled attackers to deliver malicious payloads via a zero-click method, requiring no interaction from victims. Security researcher Donncha Ó Cearbhaill of Amnesty International’s Security Lab described the campaign as an “advanced spyware operation” that remained active for at least 90 days, allowing attackers to steal sensitive data, including private messages.
This incident adds to a series of high-profile spyware campaigns targeting WhatsApp. In May, a U.S. court ordered Israeli firm NSO Group to pay $167 million to WhatsApp over its 2019 Pegasus spyware attack. Earlier this year, WhatsApp also disrupted another surveillance operation that targeted about 90 individuals, including journalists and civil society members in Italy.
The latest disclosure underscores ongoing concerns about the use of government-grade spyware and highlights the need for prompt software updates to protect devices from evolving threats.
Recent Random Post:
