WhatsApp Fixes Zero-Click Bug for Apple Devices


WhatsApp has released urgent patches for a critical flaw, CVE-2025-55177 (CVSS 8.0), which may have been exploited in real-world attacks. The vulnerability involved insufficient authorization of linked-device synchronization messages, potentially allowing an attacker to force a target device to process malicious content from arbitrary URLs.

🔒 Affected versions:

  • WhatsApp for iOS prior to 2.25.21.73 (patched July 28, 2025)
  • WhatsApp Business for iOS prior to 2.25.21.78 (patched August 4, 2025)
  • WhatsApp for Mac prior to 2.25.21.78 (patched August 4, 2025)

⚠️ Researchers believe this flaw was chained with Apple’s CVE-2025-43300 zero-day (ImageIO out-of-bounds write bug) in sophisticated zero-click spyware attacks. Amnesty International confirmed that civil society individuals, journalists, and human rights defenders were among those targeted.

📢 WhatsApp notified fewer than 200 people directly via in-app alerts and recommended factory resets for potentially compromised devices.

👉 What to do now:

  • Update WhatsApp (iOS & Mac) to the latest versions
  • Update iOS, iPadOS, and macOS to the latest Apple security patches
  • Stay alert to potential spyware campaigns targeting high-risk groups

At Alcaeus Services, we help organizations stay ahead of zero-day threats, strengthen endpoint defenses, and respond rapidly to emerging cyber risks.
