Particle.news

WhatsApp Patches Zero-Click Flaw Tied to Apple Bug in Targeted Spyware Campaign

WhatsApp says a chained exploit linking its app to Apple’s ImageIO vulnerability targeted select users, prompting threat alerts to fewer than 200 people.

Overview

  • Meta disclosed CVE-2025-55177 in WhatsApp for iOS and Mac, assessing it was paired with Apple’s CVE-2025-43300 in a sophisticated zero-click attack.
  • Apple previously patched the ImageIO out-of-bounds write bug after noting exploitation in an extremely sophisticated operation against specific individuals.
  • Amnesty International’s Security Lab reports the campaign ran for roughly 90 days, starting in late May, and says it is gathering forensic data from affected users.
  • WhatsApp sent fewer than 200 threat notifications and advised recipients to perform a full device factory reset and keep operating systems and apps updated.
  • Attribution remains unconfirmed, with early indications from Amnesty suggesting impact on both iPhone and Android users and potential vectors beyond WhatsApp due to the core image library flaw.