Particle.news

WhatsApp Fixes Zero-Click Flaw on Apple Devices After Targeted Exploitation

Meta says fewer than 200 people were targeted via a campaign that chained a WhatsApp sync bug with an Apple Image I/O flaw.

Overview

  • WhatsApp released patched builds for iPhone, iPad and Mac. The minimum safe versions are 2.25.21.73 for WhatsApp on iOS, 2.25.21.78 for WhatsApp Business and 2.25.21.78 for WhatsApp on Mac.
  • CVE-2025-55177 stemmed from improper authorization during linked-device synchronization, which enabled zero-click delivery of content from arbitrary URLs to a target's device.
  • Apple fixed the related CVE-2025-43300 in its Image I/O component with iOS 18.6.2 and corresponding macOS updates on August 20.
  • WhatsApp issued fewer than 200 notifications to potentially affected users, and Amnesty International reported that civil-society figures were among those targeted.
  • Researchers say the surveillance activity had been running since late May. Android versions were not affected. Users are urged to update and to enable automatic app and OS updates.
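
For teams that manage Apple devices, the version floors above can be turned into an inventory check. The following is an added example, not code from WhatsApp, Apple or this page: the CSV layout and the app labels are hypothetical, and only the minimum versions stated above are used. Devices on iOS release branches other than the one named above will be flagged and need a manual check.

```python
import csv
import io

# Minimum patched builds as stated on this page. Keys are hypothetical labels
# for this example, not identifiers used by WhatsApp or any MDM product.
MIN_APP = {
    "whatsapp-ios": "2.25.21.73",
    "whatsapp-business-ios": "2.25.21.78",
    "whatsapp-mac": "2.25.21.78",
}
# Only OS minimum stated on the page; Mac rows are checked on app version only.
MIN_IOS = "18.6.2"

def parse_version(text, width=4):
    """Turn '18.6' into (18, 6, 0, 0) so versions compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def is_older(found, minimum):
    return parse_version(found) < parse_version(minimum)

def audit(inventory_csv):
    """Return (device, reason) pairs for rows below the stated minimums."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = MIN_APP.get(row["app"])
        if minimum is None:
            continue  # not a listed app (the page says Android was not affected)
        try:
            if is_older(row["app_version"], minimum):
                findings.append((row["device"], f"{row['app']} {row['app_version']} < {minimum}"))
            if row["app"].endswith("-ios") and is_older(row["os_version"], MIN_IOS):
                findings.append((row["device"], f"iOS {row['os_version']} < {MIN_IOS}"))
        except ValueError:
            findings.append((row["device"], "unparseable version, check manually"))
    return findings

# Constructed sample inventory, not real data.
SAMPLE = """device,app,app_version,os_version
phone-01,whatsapp-ios,2.25.21.8,18.6.2
phone-02,whatsapp-ios,2.25.21.73,18.6
phone-03,whatsapp-business-ios,2.25.21.78,18.6.2
mac-01,whatsapp-mac,2.25.20.90,15.6
droid-01,whatsapp-android,2.25.1.1,15
phone-04,whatsapp-ios,beta,18.6.2
"""

for device, reason in audit(SAMPLE):
    print(f"{device}: {reason}")
```

The numeric comparison matters here: as plain strings, "2.25.21.8" sorts above "2.25.21.73", which would let the unpatched phone-01 pass.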