Particle.news

WhatsApp Zero-Click Image Exploit Targets Apple and Samsung Devices as Fixes Roll Out

Samsung says attacks are already occurring on many Galaxy models.

Overview

  • The attack chain pairs WhatsApp’s message sync flaw (CVE-2025-55177) with an image-processing bug (CVE-2025-43300), allowing code execution from a received image or its preview without user action.
  • Apple users are at risk on outdated WhatsApp for iOS and macOS builds, while a system-level third‑party image library leaves a wide range of Samsung phones on Android 13–16 exposed.
  • Meta, Apple and Samsung have shipped patches, with Samsung distributing September security updates by model; users should update WhatsApp and their OS, enable automatic updates and verify versions manually.
  • Exploitation can install spyware, take control of devices and expose messages and personal data; Meta flagged the issue as high risk and vendors acknowledged real‑world use.
  • Separately from the security fixes, WhatsApp’s iOS update 25.25.74 adds per‑message reminders that are stored and processed only on the device.