WhatsApp update after cyberattack: what's changed and how to protect yourself

  • Zero-click flaw exploited alongside Apple vulnerability CVE-2025-43300 to attack specific users.
  • WhatsApp patched CVE-2025-55177; Apple released iOS and macOS updates.
  • Campaign lasting about 90 days and targeting fewer than 200 people, mostly on iPhone.
  • It is recommended to update now, consider factory reset, and enable advanced security measures.

Following a high-precision targeted attack, WhatsApp has released a patch and asks all users to update the app as soon as possible. The campaign took advantage of a zero-click vulnerability, capable of compromising devices just by receiving a malicious message.

The company explains that the flaw in its app, combined with an Apple system vulnerability (CVE-2025-43300), could be used in sophisticated attacks against specific individuals to access their devices and stored data.

What happened and how it was exploited

The WhatsApp flaw, identified as CVE-2025-55177, resided in the synchronization of accounts between linked devices and could force the processing of content from arbitrary URLs on the victim's device, without the need for interaction.

According to researcher Donncha Ó Cearbhaill (Amnesty International), the campaign ran for about 90 days and affected a small number of people (fewer than 200 targets), mainly on iPhone, although isolated attempts have been recorded on Android.

WhatsApp claims to have introduced changes to block this vector on its platform and Apple has issued patches for iOS and macOS; despite this, the company warns that the operating system could still be compromised if the malware maintains persistence.

Corrected versions and scope

The fix is now available in WhatsApp for iOS (v2.25.21.73), WhatsApp Business for iOS (v2.25.21.78) and WhatsApp for Mac (v2.25.21.78). The flaw received a CVSS score of 8.0 (CISA-ADP) and 5.4 in Meta's internal assessment.
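For anyone checking several devices at once, the version list above can be turned into a quick triage script. This is an added example, not code from WhatsApp or Apple; the inventory format and device names are constructed, and it assumes the versions quoted above are the first fixed builds.

```python
import csv
import io

# Patched versions as quoted in the article; assumed to be the first fixed builds.
PATCHED = {
    "WhatsApp for iOS": (2, 25, 21, 73),
    "WhatsApp Business for iOS": (2, 25, 21, 78),
    "WhatsApp for Mac": (2, 25, 21, 78),
}

def parse_version(text):
    """Turn '2.25.21.73' or 'v2.25.21.73' into a tuple of ints; None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Return (device, app, version, status) for every row of the inventory."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        app = row["app"].strip()
        fixed = PATCHED.get(app)
        found = parse_version(row["version"])
        if fixed is None:
            status = "not-covered"       # app is not in the article's list
        elif found is None:
            status = "unknown-version"   # needs a manual check
        elif found < fixed:              # numeric, field-by-field comparison
            status = "update-required"
        else:
            status = "patched"
        results.append((row["device"], app, row["version"].strip(), status))
    return results

# Constructed sample inventory (hypothetical devices and export format).
SAMPLE = """device,app,version
iphone-01,WhatsApp for iOS,2.25.21.73
iphone-02,WhatsApp for iOS,2.25.21.8
iphone-03,WhatsApp Business for iOS,v2.25.21.73
mac-01,WhatsApp for Mac,2.25.22.1
iphone-04,WhatsApp for iOS,unknown
pixel-01,WhatsApp for Android,2.25.20.1
"""

if __name__ == "__main__":
    for device, app, version, status in triage(SAMPLE):
        print(f"{device:10} {app:26} {version:12} {status}")
```

Comparing the fields as integers matters here: as plain strings, "2.25.21.8" sorts after "2.25.21.73" and the older build would be reported as patched.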

The attack combined the WhatsApp flaw with an Apple bug (CVE-2025-43300) in the ImageIO framework (an out-of-bounds write when processing manipulated images), allowing for high-level intrusion with code execution. This is the type of technique associated with government spyware, often cited alongside cases such as Pegasus or Predator.

How to protect yourself and update now

If you received an alert within the app, the strongest recommendation is to perform a full factory reset and then update both the system and apps. To enhance protection, WhatsApp and security experts suggest enabling Lockdown Mode on iOS and Advanced Protection on Android.

To keep the messaging app on iPhone up to date, follow these simple steps:

  • Open the App Store and tap your profile (top right).
  • Swipe to see the list of apps and locate WhatsApp.
  • Tap Update if it appears available; if not, search for “WhatsApp” and check for the latest version.
  • In iPhone Settings, turn on Automatic Updates for apps and for iOS.
  • Reboot your device after updating to ensure the patch is applied.

Basic measures recommended for all users, even if they have not received notice, in order to reduce exposure:

  • Update WhatsApp immediately on iOS and macOS to patched versions.
  • Keep iOS, iPadOS and macOS up to date, applying the latest Apple security updates.
  • Perform a periodic reset of the device, useful against certain zero-day exploits.
  • Activate two-step verification on WhatsApp to add an extra layer of protection.

With the vector blocked in the app and patches already available on Apple systems, the priority is to update without delay and apply good practices. Although the attack was limited in scale and very targeted, its sophistication (zero-click delivery and chained vulnerabilities) calls for caution and up-to-date devices.
