WhatsApp Issues Emergency Update for Major Security Flaw

WhatsApp has addressed a significant security vulnerability in its iOS and macOS messaging apps, identified as CVE-2025-55177, which had a severity score of 8.0. This flaw, discovered and rectified by WhatsApp's security team, involved improper authorization of linked devices for message syncing. It potentially allowed unauthorized individuals to manipulate a target's device to process content from any web address. This issue may have been exploited in conjunction with another Apple vulnerability, CVE-2025-43300, which affects iOS, iPadOS, and macOS. The latter involves a memory corruption issue in the ImageIO system when handling malicious images and has been used in sophisticated attacks against specific individuals.

Donncha Ó Cearbhaill from Amnesty International's Security Lab noted that WhatsApp has informed some users of potential targeting by spyware using CVE-2025-55177 in recent months. The company advised affected users to reset their devices to factory settings and ensure their operating systems and apps are up to date. The attacks are described as "zero-click", meaning they do not require user interaction to compromise devices. They have reportedly impacted both iPhone and Android users, including those in civil society, highlighting the ongoing threat of government spyware to journalists and human rights defenders. The identity of the attackers remains unknown.
