dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices

info@thehackernews.com (The Hacker News)
August 30, 2025
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0 [CISA-ADP]/5.4 [Facebook]), relates to a case of insufficient authorization of linked device synchronization messages.
Total
0
Shares
0
0
0
[[{“value”:”

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks.

The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the WhatsApp Security Team have been credited with discovering and rerating the bug.

The Meta-owned company said the issue “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”

The flaw affects the following versions –

WhatsApp for iOS prior to version 2.25.21.73
WhatsApp Business for iOS version 2.25.21.78, and
WhatsApp for Mac version 2.25.21.78

It also assessed that the shortcoming may have been chained with CVE-2025-43300, a vulnerability affecting iOS, iPadOS, and macOS, as part of a sophisticated attack against specific targeted users.

CVE-2025-43300 was disclosed by Apple last week as having been weaponized in an “extremely sophisticated attack against specific targeted individuals.”

The vulnerability in question is an out-of-bounds write vulnerability in the ImageIO framework that could result in memory corruption when processing a malicious image.

Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International, said WhatsApp has notified an unspecified number of individuals that they believe were targeted by an advanced spyware campaign in the past 90 days using CVE-2025-55177.

In the alert sent to the targeted individuals, WhatsApp has also recommended performing a full device factory reset and keeping their operating system and the WhatsApp app up-to-date for optimal protection. It’s currently not known who, or which spyware vendor, is behind the attacks.

Ó Cearbhaill described the pair of vulnerabilities as a “zero-click” attack, meaning it does not require any user interaction, such as clicking a link, to compromise their device.

“Early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them,” Ó Cearbhaill said. “Government spyware continues to pose a threat to journalists and human rights defenders.”

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Scammer steals $1.5 million from Baltimore by spoofing city vendor

August 29, 2025
Next Post

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

August 30, 2025
Related Posts
3 min

The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently

Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they
info@thehackernews.com (The Hacker News)
October 24, 2025
Read More
2 min

Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats

An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world. The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice. "Emails were sent to
info@thehackernews.com (The Hacker News)
September 3, 2025
Read More
1 min

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide

Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects and the seizure of
info@thehackernews.com (The Hacker News)
October 19, 2025
Read More