WhatsApp has issued a critical security alert after discovering a zero-click vulnerability, identified as CVE-2025-55177, which has been used in sophisticated attacks targeting iOS and macOS users. When chained with a separate vulnerability in Apple's operating systems, CVE-2025-43300, the flaw allowed attackers to compromise devices and access sensitive data without user interaction.

The WhatsApp issue stemmed from incomplete authorization of linked device synchronization messages and affected various app versions on iOS and macOS. Exploiting it enabled malicious actors to remotely trigger processing of content from arbitrary URLs on targeted devices. Combined with the vulnerability in Apple’s ImageIO framework, this led to memory corruption and unauthorized data access.

Amnesty International’s Security Lab is investigating, highlighting that both iPhone and Android users, including journalists and human rights defenders, are affected. WhatsApp has notified potentially targeted users and rolled out updates to mitigate the threat, urging users to update both their apps and their Apple devices to the latest versions.

