WhatsApp and Apple have released significant security updates addressing critical vulnerabilities. Both platforms were affected by a Zero-Click Vulnerability, which allowed hackers to access user devices without any user interaction, such as clicking a link or opening a file. Fortunately, both companies have promptly addressed these issues.
WhatsApp’s CVE-2025-43300 Bug
WhatsApp reported that the CVE-2025-43300 bug may have been exploited in sophisticated attacks targeting specific users. This vulnerability affected WhatsApp iOS (versions prior to v2.25.21.73), WhatsApp Business iOS (versions prior to v2.25.21.78), and WhatsApp Mac (versions prior to v2.25.21.78). Meta indicated that the bug was patched several weeks ago, and approximately 200 users were notified about its potential impact.
Apple’s CVE-2025-55177 Bug
Apple also fixed the CVE-2025-55177 bug. The company stated that processing a malicious image file could lead to memory corruption. Reports suggest this vulnerability was also used in high-level spyware attacks, primarily affecting iPhone users.
Discovery of the Bugs
Donncha O Cearbhaill from Amnesty International Security Lab revealed on X that these attacks were part of an advanced spyware campaign. Initial investigations indicated that both iPhone and Android users had been targeted over the past 90 days, including individuals from civil society and activist groups.
Why Zero-Click Vulnerabilities are Dangerous
Zero-Click attacks are among the most dangerous in the cyber world. They do not require the user to click a link or open a file. Hackers can directly infiltrate the system and steal data. These attacks are difficult to defend against because users have no preventive action options.
Recommendations for Users
Users should immediately update their WhatsApp and iOS devices to the latest versions. Avoid suspicious links and files, even though the Zero-Click bugs have been fixed. Regularly install security patch updates and keep apps and software updated.
