WhatsApp fixes major security bug exploited in spyware attacks on Apple devices

WhatsApp has announced a crucial fix for a significant security vulnerability affecting its iOS and Mac applications, which was reportedly exploited to infiltrate Apple devices belonging to select individuals. The Meta-owned messaging service disclosed this in a recent security advisory, identifying the flaw with the designation CVE-2025-55177. This vulnerability was exploited alongside another security issue recognized by Apple as CVE-2025-43300, which was also patched last week. Apple characterized the exploit as part of a highly sophisticated attack aimed at specific targets. WhatsApp revealed that numerous users fell victim to these linked vulnerabilities. Donncha Ó Cearbhaill, director of Amnesty International’s Security Lab, referred to the situation on social media platform X as an "advanced spyware campaign" that had persisted for approximately 90 days. He highlighted that the attack utilized a "zero-click" technique, allowing the hackers to compromise devices without requiring any action from the victims. The combined vulnerabilities enabled attackers to deliver a malicious exploit via WhatsApp, capable of extracting sensitive information. A threat notification shared by Ó Cearbhaill indicated that this exploit had the potential to jeopardize devices and the confidential data they housed, including messages. This incident marks yet another instance of WhatsApp being targeted by sophisticated spyware. In May, a U.S. court mandated that the Israeli company NSO Group pay WhatsApp $167 million in damages for a hacking campaign in 2019 that affected over 1,400 users through its Pegasus spyware. Earlier this year, WhatsApp also thwarted another spyware operation that aimed at around 90 individuals, including journalists and activists in Italy. The Italian government dismissed any involvement, while spyware vendor Paragon ceased providing access to its tools following the exposure of the abuse.