Both WhatsApp and Apple have issued critical security updates to address serious vulnerabilities. The updates fix zero-click vulnerabilities, which enabled malicious actors to compromise devices without any user interaction. The swift response from both companies is a key factor in mitigating the risk.
WhatsApp Bug: CVE-2025-43300
WhatsApp’s security advisory highlighted the CVE-2025-43300 bug, which could have been leveraged in targeted attacks. This flaw was found in WhatsApp iOS versions prior to v2.25.21.73, WhatsApp Business iOS prior to v2.25.21.78, and WhatsApp Mac prior to v2.25.21.78. Meta has confirmed that the bug was resolved several weeks ago and that affected users were notified.
Apple’s Fix: CVE-2025-55177
Apple addressed a separate vulnerability identified as CVE-2025-55177. This bug was found to cause memory corruption when processing a malicious image file. Reports suggest that this vulnerability was actively exploited in spyware attacks, specifically targeting iPhone users.
How the Bugs Were Discovered
Donncha Ó Cearbhaill of Amnesty International's Security Lab provided details on X, confirming that the vulnerabilities were exploited as part of an advanced spyware campaign. Investigations indicated that both iPhone and Android users were targeted, including civil society members and activists.
The Threat of Zero-Click Attacks
Zero-click attacks represent one of the most significant threats in cybersecurity. They let attackers gain unauthorized access to systems without any action by the user, which makes them exceptionally difficult to defend against.
What Users Should Do
Users are strongly encouraged to update WhatsApp and iOS to the latest versions immediately. Even though the vulnerabilities have been addressed, avoid opening unknown links or files. Apply security patches regularly and keep all software and apps up to date.
