Particle.news

WhatsApp Patches iOS and Mac Flaw Linked to Apple Zero‑Click Exploit, Notifies Under 200 Targets

Recipients are urged to perform a full factory reset because an OS‑level implant may persist after updating the app.

Overview

  • Meta said CVE-2025-55177 in WhatsApp’s iOS and macOS clients was used with Apple’s CVE-2025-43300 to compromise specific users without interaction.
  • The WhatsApp bug stemmed from incomplete authorization of linked‑device sync messages that could trigger processing of content from an arbitrary URL on a target device.
  • Apple previously fixed the ImageIO out‑of‑bounds write flaw that it said was exploited in an extremely sophisticated campaign against targeted individuals.
  • WhatsApp sent fewer than 200 threat notifications over the past 90 days and advised affected users to wipe devices and keep operating systems and apps updated.
  • Attribution remains unknown, and researchers, including Amnesty’s Security Lab, describe the activity as a targeted spyware operation with potential impact beyond WhatsApp.