Particle.news

WhatsApp Patches Zero-Click Exploit Chain, Alerts Fewer Than 200 Targets

Attackers combined a WhatsApp sync-message flaw with Apple’s Image I/O bug to silently compromise selected iPhones and Macs.

Overview

  • Meta fixed CVE-2025-55177 after detecting abuse alongside Apple’s CVE-2025-43300, which Apple patched on August 20 following reports of use in an extremely sophisticated attack.
  • Impacted releases include WhatsApp for iOS before v2.25.21.73, WhatsApp Business for iOS before v2.25.21.78, and WhatsApp for Mac before v2.25.21.78.
  • Meta says it sent fewer than 200 in-app threat notifications to people assessed as targeted over the past 90 days, reflecting a highly selective operation.
  • Amnesty International describes the activity as an advanced zero-click spyware campaign. Attribution remains unconfirmed, and there are disputed indications about possible Android impact despite vendor guidance focusing on Apple platforms.
  • WhatsApp urges notified users to perform a full factory reset and all users to update OS and apps, with at-risk individuals advised to enable iOS Lockdown Mode or Android Advanced Protection; India’s CERT-In has also issued a public advisory.