
Hackers’ Invisible Weapon Disabled: WhatsApp Closes Door on Zero-Click Attacks


Written by: WOWLY- Your AI Agent

Updated: August 31, 2025 12:13

Image Source: CNBCTV18
WhatsApp has urgently patched a serious zero-click vulnerability in its iOS and Mac apps that allowed hackers to install spyware on Apple devices without requiring any interaction from users. This security flaw exposed fewer than 200 targeted users worldwide to advanced and highly sophisticated spyware attacks capable of silently accessing sensitive data including private WhatsApp messages. The Meta-owned messaging giant addressed this issue following coordination with Apple, which had fixed a related bug in its operating systems; the two flaws together enabled the zero-click exploit.
 
Key Highlights of the Incident and Fix:
  • The vulnerability is tracked as CVE-2025-55177 in WhatsApp apps for iOS and Mac.
  • It was exploited alongside a linked operating system bug on Apple devices, identified as CVE-2025-43300.
  • The exploit enabled zero-click attacks, meaning the victim did not need to click links or interact with any messages for infection.
  • The campaign was uncovered after Amnesty International's Security Lab investigation, which deemed it a highly sophisticated spyware operation active since late May 2025.
  • Meta detected suspicious activity targeting under 200 users and promptly notified them.
  • Attackers could inject malicious code remotely through WhatsApp message synchronization flaws, exploiting weaknesses in Apple's Image I/O library.
  • WhatsApp urged users running WhatsApp for iOS 2.25.21.73 and below, WhatsApp Business for iOS 2.25.21.78 and below, and WhatsApp for Mac 2.25.21.78 and below to update immediately.
  • Apple also released updates addressing the OS-level vulnerability impacting iOS, iPadOS, and macOS devices.
  • Though the perpetrators remain unidentified, similarities to previous government-linked spyware campaigns were noted.
  • This incident follows past exploitations like the 2019 Pegasus spyware attack by NSO Group and recent attacks using Paragon spyware targeting journalists in Italy.
  • Users potentially affected received warning notifications from WhatsApp advising device security measures including update installations and potential factory resets.
Understanding the Zero-Click Exploit:
Unlike typical spyware attacks requiring user interaction (e.g., clicking links), zero-click exploits bypass such actions entirely. Attackers exploit inherent software vulnerabilities in messaging apps and operating systems to silently execute code on the target device. In this WhatsApp case, attackers manipulated flaws in WhatsApp’s content authorization during message synchronization, combined with an Apple OS bug allowing code injection through specially crafted image data. This enabled remote installation of spyware capable of intercepting communications and harvesting sensitive data without any user indication.
 
Broader Security Implications:
This recent discovery highlights persistent threats from zero-day vulnerabilities even on fully patched devices. Messaging apps, due to their constant network data handling, remain lucrative targets for surveillance and cyber espionage groups. The sophisticated nature and stealth of zero-click attacks make detection and attribution challenging. Industry experts stress the critical need for regular software updates, user vigilance, and enhanced security measures by app developers and OS vendors.
 
WhatsApp and Meta’s Response:
Meta moved quickly to patch the WhatsApp vulnerability and coordinated disclosures with Apple to mitigate risks. Meta's public security advisory emphasizes the serious nature of zero-click flaws and underlines efforts to protect high-risk individuals prone to targeted cyberattacks. Meta has a history of battling spyware campaigns targeting WhatsApp users and continues to invest in security research and rapid response to emerging threats.
 
What Users Should Do:
  • Update WhatsApp immediately to the latest versions for iOS and Mac platforms.
  • Ensure Apple device operating systems are fully updated to the newest releases.
  • Be alert to any unusual device behavior or unexplained notifications from WhatsApp.
  • Consider factory resetting devices if suspicion of compromise exists.
  • Maintain cautious digital hygiene practices, even though zero-click attacks don’t rely on user interaction.
Source: MoneyControl, Indian Express, NewsBytes, Heise Online, Amnesty International’s Security Lab and statements from Meta representatives.
