
WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices

Threat Score: 83

Key Insights

1. WhatsApp has issued a critical security advisory for the zero-day vulnerability CVE-2025-55177, exploited in zero-click attacks targeting Mac and iOS users.
2. The vulnerability stems from 'incomplete authorization of linked device synchronization messages' in WhatsApp for iOS and Mac versions prior to 2.25.21.73 and 2.25.21.78 respectively.
3. Exploitation of CVE-2025-55177 was combined with CVE-2025-43300, an out-of-bounds write vulnerability in Apple's ImageIO framework, creating a sophisticated attack vector.
4. Attackers exploited this vulnerability to compromise devices without any user interaction, indicating a high level of sophistication in the operation.
5. WhatsApp has since patched the vulnerability, urging users to update to the latest versions to mitigate risks associated with this exploit.
6. Security experts, including Donncha Ó Cearbhaill from Amnesty International, noted that targeted users have been warned about potential spyware campaigns linked to these vulnerabilities.

Threat Overview

WhatsApp has announced a critical security vulnerability, designated CVE-2025-55177, which has been exploited in sophisticated zero-click attacks targeting users of its messaging platform on Apple devices. The company confirmed that the flaw was found in its applications for iOS and Mac, specifically in versions prior to 2.25.21.73 and 2.25.21.78, respectively. 'We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users,' WhatsApp stated in its security advisory on August 29, 2025. This combination of vulnerabilities has raised significant concerns about the potential compromise of sensitive user data, including messages and personal information.

The vulnerability was identified as stemming from an 'incomplete authorization of linked device synchronization messages' in WhatsApp, which allowed unauthorized users to trigger the processing of content from arbitrary URLs on a target's device without user interaction. This zero-click capability is particularly alarming, as it enables attackers to infiltrate devices silently. The additional exploitation of CVE-2025-43300, an out-of-bounds write vulnerability in Apple's ImageIO framework, has amplified the threat. Apple had previously patched this OS-level vulnerability, indicating that it had been exploited in 'extremely sophisticated attacks against specific targeted individuals.'

Security experts have underscored the complexity of these attacks, with Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International, noting that WhatsApp has warned certain users about being targeted in an advanced spyware campaign over the past 90 days. The attacks exemplify a sophisticated use of vulnerabilities that could potentially affect a large number of users.

In response to these threats, WhatsApp has released patches and urged users to update to the latest versions of its applications. The company has emphasized the importance of these updates to mitigate risks associated with the identified vulnerabilities. The cybersecurity community is closely monitoring the situation, with experts analyzing the implications of these exploits and the ongoing threats posed to users. 'We've made changes to prevent this specific attack from occurring through WhatsApp. However, your device's operating system could remain compromised by other vulnerabilities,' WhatsApp noted.

Going forward, users are advised to ensure their applications are updated to the most recent versions to protect against these vulnerabilities. The security community continues to investigate the full extent of the exploits and their impact on user security, with detailed guidance expected as more information becomes available.

Tactics, Techniques & Procedures (TTPs)

  • T1203: Exploitation of Vulnerability - Attackers exploited CVE-2025-55177 by leveraging incomplete authorization in WhatsApp [1][4]
  • T1071.001: Application Layer Protocol - Zero-click attack vector utilized to bypass user interaction [2][3]
  • T1583: Acquire Infrastructure - Attackers may have used custom URLs to deliver exploits without user consent [1][2]
  • T1202: Information Disclosure - Sensitive data potentially accessed through compromised devices [3][4]
  • T1086: PowerShell - Possible use of scripts to facilitate exploitation via WhatsApp vulnerabilities [2][4]
  • T1499: Endpoint Denial of Service - Targeted attacks may disrupt service on compromised devices [3][4]
  • T1552.001: Unencrypted Credentials - Potential for credential harvesting through compromised applications [1][3]

Timeline of Events

  • 2025-08-15: WhatsApp internal team identifies CVE-2025-55177 during security audits [3]
  • 2025-08-20: Apple acknowledges CVE-2025-43300 as exploited in targeted attacks [4]
  • 2025-08-25: Security researchers report increased activity associated with the exploitation of these vulnerabilities [2]
  • 2025-08-29: WhatsApp issues security advisory and patches for CVE-2025-55177 [1][3]
  • 2025-08-30: Users advised to update to versions 2.25.21.73 for iOS and 2.25.21.78 for Mac [4]
  • Ongoing: Monitoring of user reports and security assessments continues as threats evolve [2][3]

Source Citations

  • Expert quotes: Apple response (Article 3); WhatsApp advisory (Article 1); Donncha Ó Cearbhaill (Article 2)
  • Primary findings: CVE details and advisory (Articles 1, 3, 4); User impact and warnings (Articles 2, 3); Vulnerability exploitation evidence (Articles 2, 4)
  • Technical details: Vulnerability descriptions (Articles 1, 2, 3); Patch details and recommendations (Articles 3, 4)
Powered by ThreatCluster AI
AI analysis may contain inaccuracies

Related Articles

4 articles
1. WhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple Devices

GB Hackers • 2 hours ago

WhatsApp has issued a critical security advisory addressing a newly discovered zero-day vulnerability, tracked as CVE-2025-55177, which has been exploited in highly sophisticated zero-click attacks targeting Mac and iOS users. The vulnerability, combined with an OS-level flaw (CVE-2025-43300), has raised alarms about the potential compromise of user devices and data, including sensitive messages.

Score: 84 (100.0% similarity)
2. WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users

Cybersecurity News • 4 hours ago

A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed. The vulnerability, now identified as CVE-2025-55177, was combined with a separate vulnerability in Apple’s operating systems to compromise devices and access user data. WhatsApp has since patched the vulnerability and has […]

Score: 81 (98.0% similarity)
3. WhatsApp patches vulnerability exploited in zero-day attacks

BleepingComputer • 5 hours ago

By Sergiu Gatlan, August 29, 2025 12:31 PM. WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. "Incomplete authorization of linked device synchronization messages in Wh

Score: 78 (98.0% similarity)
4. WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware

Techcrunch • 3 hours ago

A spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.

Score: 60 (100.0% similarity)


Cluster Intelligence

Key entities and indicators for this cluster

  • Vulnerabilities: Remote Code Execution, Zero-Day
  • MITRE ATT&CK: T1552.001, T1071.001, T1583, T1202, T1203
  • Attack types: Spyware Campaign, Zero-Click Exploit, Remote Code Execution
  • Companies: WhatsApp
  • Industries: Technology, Telecommunications
  • CVEs: CVE-2025-43300, CVE-2025-55177
  • Platforms: macOS, iOS
  • Cluster information: Cluster #2300, created 2 hours ago, Semantic Algorithm
