In a recent disclosure, WhatsApp has detailed a critical zero-day vulnerability, identified as CVE-2025-55177, which has been actively exploited in highly targeted attacks against Apple device users. This flaw, carrying a CVSS score of 8.0, is characterized by incomplete authorization of linked device synchronization messages. Exploitation of this vulnerability could allow attackers to process content from arbitrary URLs on the victim’s device without their consent.
WhatsApp’s advisory indicates that this vulnerability, when combined with an operating system-level flaw on Apple platforms (CVE-2025-43300), may have been utilized in sophisticated attacks aimed at specific users. CVE-2025-43300 is an out-of-bounds write issue affecting the ImageIO framework component in Apple’s iOS, iPadOS, and macOS products. Apple addressed this flaw on August 20, releasing patches for iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. While Apple did not provide detailed technical information, they acknowledged reports of active exploitation in highly sophisticated attacks targeting specific individuals.
WhatsApp has released patches for CVE-2025-55177 in July and August, updating WhatsApp for iOS to version 2.25.21.73, WhatsApp Business for iOS to version 2.25.21.78, and WhatsApp for Mac to version 2.25.21.78. The company has not disclosed specific details about the observed attacks.
Donncha Ó Cearbhaill of Amnesty International suggests that these security flaws were exploited in zero-click attacks as part of a suspected spyware campaign. He notes that the WhatsApp attack appears to impact both iPhone and Android users, including individuals from civil society. Ó Cearbhaill emphasizes that government spyware continues to pose a significant threat to journalists and human rights defenders.
Given that the Apple vulnerability affects a core image library, attackers may have exploited other applications as well. In response, WhatsApp has notified approximately 200 potentially targeted individuals.
Adam Boynton, Senior Security Strategy Manager at Jamf, highlights that the widespread use of WhatsApp and Apple devices, especially among senior executives, makes them prime targets for attackers. He points out that adversaries invest significantly in uncovering zero-click vulnerabilities due to the substantial potential payoff.
