WhatsApp Releases Emergency Update
WhatsApp has rolled out a critical patch for iOS and macOS users after discovering a zero‑click vulnerability that could let bad actors trigger malicious content on a device without the user clicking a link. The flaw, identified as CVE‑2025‑55177, scores an 8.0 on the CVSS scale and involves insufficient checks on linked‑device messages.
Affected Versions
- WhatsApp for iOS prior to 2.25.21.73
- WhatsApp Business for iOS 2.25.21.78
- WhatsApp for Mac 2.25.21.78
Chainable Threats
The issue can be combined with Apple’s CVE‑2025‑43300, a memory‑corruption bug in the ImageIO framework that has already powered highly targeted attacks. This pairing creates a powerful zero‑click attack vector capable of compromising smartphones and desktop computers alike.
WhatsApp warned that it had identified a handful of users who may have been targeted in the past 90 days. The company recommends that affected users perform a full device factory reset and keep both the operating system and WhatsApp up to date to defend against future hacking attempts.
Security experts highlight that this case is part of a broader trend where spyware continues to threaten journalists, human rights activists, and ordinary smartphone users, underscoring the importance of strong two‑factor authentication, regular password updates, and vigilant phishing awareness.
Tags: WhatsApp, iOS, macOS, cybersecurity, zero-click
Post a Comment