Particle.news
Download on the App Store
17 ARTICLES
·
2w ago

WhatsApp Patches Zero-Click Bug Linked to Apple Zero-Day, Warns Fewer Than 200 Targets

Meta says a chained exploit used WhatsApp as a delivery vector to compromise Apple devices in a highly targeted spyware campaign.

Whatsapp logo is seen in this illustration taken, August 22, 2022. REUTERS/Dado Ruvic/Illustration/File Photo
Image
Image
Image

Overview

  • WhatsApp fixed CVE-2025-55177 in its iOS and Mac apps, an authorization-bypass in linked-device sync that allowed processing content from arbitrary URLs.
  • Apple previously patched CVE-2025-43300 in ImageIO, an out-of-bounds write used in what it called an extremely sophisticated attack on specific individuals.
  • Meta confirmed it sent fewer than 200 threat notifications to users assessed as targeted over roughly the past 90 days starting in late May.
  • Amnesty International’s Security Lab is collecting forensic evidence and described the operation as a zero-click spyware campaign against selected users.
  • WhatsApp advised notified users to perform a full factory reset and keep iOS/macOS and WhatsApp updated, and it has not attributed the attacks to any actor.