WhatsApp fixes ‘zero-click’ vulnerability that let hackers install spyware

WhatsApp has confirmed the resolution of a significant security flaw in its application for iPhones and Macs, a vulnerability that allowed hackers to infiltrate the devices of targeted users using spyware. This information was disclosed in a security advisory issued earlier this week, where WhatsApp identified the vulnerability, designated as CVE-2025-43300, as potentially exploited in sophisticated attacks aimed at specific individuals. In conjunction with WhatsApp's announcement, Apple revealed last week that it had resolved a related issue, labeled CVE-2025-55177. Combined, these vulnerabilities posed a risk for certain Apple users, enabling attackers to extract data from their devices. Apple provided insights into the flaw, noting that processing a malicious image file could lead to memory corruption. They acknowledged awareness of reports suggesting that this vulnerability had been exploited in a highly advanced attack targeting specific individuals. Meta spokesperson Margarita Franklin informed TechCrunch that the company detected and remedied the vulnerability weeks prior and dispatched notifications to “less than 200” affected WhatsApp users. This flaw was present in WhatsApp versions for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. Donncha Ó Cearbhaill, leader of Amnesty International’s Security Lab, characterized the recent attack as part of an “advanced spyware campaign” that has affected several users over the past three months. Cearbhaill noted that initial findings suggest the WhatsApp attack impacted both iPhone and Android users, including individuals from civil society. Zero-click vulnerabilities are particularly concerning as they allow attackers to exploit security flaws without requiring any action from the user, such as clicking a link or opening a file. This type of attack is deemed one of the most perilous forms of cybersecurity threats, as victims have limited means to defend themselves against such intrusions.