Hackers Exploit WhatsApp Flaw in Sophisticated Attacks

WhatsApp is warning that threat actors are exploiting a security flaw to malicious ends – urging those targeted to patch their software ASAP.

Unnamed threat actors may have deployed attacks on “specific targeted users,” the Meta-owned company said last week in a security advisory.

The company also sent individual notices to the targeted people.

‘A sophisticated attack’

Tracked as CVE-2025-55177, this critical weakness is described as “Incomplete authorization of linked device synchronization messages [that] could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”

In other words, the attacker can send the victim a link tainted with a malicious payload, like spyware.

“We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users,” the advisory reads.

CVE-2025-43300, patched by Apple in August, is also described as a dangerous bug that “may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

Donncha Ó Cearbhaill from Amnesty International warns that the WhatsApp flaw is a “zero-click” bug, meaning the victim doesn’t have to interact with it to get infected.

And while the WhatsApp advisory names only iOS and macOS as the affected platforms, Ó Cearbhaill says “early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them.”

Ó Cearbhaill also used his X feed to share screenshots of the individual warnings WhatsApp sent to potentially targeted individuals:

Credit: Donncha Ó Cearbhaill (@DonnchaC)

Apple also makes a habit of sending such notices whenever it detects spyware attacks against its user base.

If you ever receive a warning like this, take it seriously!

Patch now!

As we warn every time we report on perilous software exploits, you don’t have to be an important, high-risk person to get in hackers’ crosshairs – you never know when you accidentally trip a wire, upset someone, and become a target. So it’s always a good idea to keep up with the latest updates, especially when the bugs fixed are tagged as serious from a security standpoint.

The exploit mentioned in the WhatsApp advisory works against WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS prior to v2.25.21.78, and WhatsApp for Mac prior to v2.25.21.78.

In other words, as of now, you want to be on those versions or newer.

If you’re an Apple user, be sure to also update your device OS to the versions dished out from Cupertino last month. That’s iOS 18.6.2 and iPadOS 18.6.2; iPadOS 17.7.10; macOS Sequoia 15.6.1; macOS Sonoma 14.7.8; and macOS Ventura 13.7.8.

For peace of mind, run a dedicated security solution on all your personal devices. On Apple gear, keep the trusty Lockdown Mode toggle handy if you have reason to believe hackers might be targeting you.

You may also want to read:

Patch Your iPhones and Macs! Apple Tackles Critical Security Flaw with iOS 18.6.2, macOS Sequoia 15.6.1

WhatsApp Patches Zero-Click Spyware Attack Vector on Android

Apple Warns High-Risk People in 92 Countries They May Be Targeted by Spyware

How Spyware Infects Smartphones and How to Defend Against It