WhatsApp Takes Action Against Stealthy Spyware Hack

In a swift response to security concerns, WhatsApp announced on Friday that it has patched a critical vulnerability affecting its iOS and Mac applications. This major fix comes after the discovery that this weakness was exploited to secretly penetrate the devices of specific Apple users, potentially compromising their data.

The Flaw in Focus: CVE-2025-55177

Known as CVE-2025-55177, this alarming security loophole was utilized alongside another vulnerability, CVE-2025-43300, which Apple patched just last week. According to Apple, these vulnerabilities facilitated ‘extremely sophisticated attacks’ against targeted individuals, hinting at a well-organized effort to breach privacy.

A Dangerous Zero-Click Attack

Donncha Ó Cearbhaill from Amnesty International’s Security Lab classified the attack as an ‘advanced spyware campaign’ that unfolded over the past 90 days, marking a significant threat to users. The malicious exploits formed a ‘zero-click’ attack chain, allowing hackers to infiltrate devices without any interaction from the victim, such as clicking on a suspicious link.

Stolen Data at Risk!

The dual vulnerabilities enabled attackers to send a malicious payload via WhatsApp, which could effectively steal sensitive information, including messages stored on Apple devices. This information came from a security notification WhatsApp sent to the users impacted by the breach.

Who’s Behind the Attacks?

While Meta, WhatsApp’s parent company, reported detecting the flaw weeks ago and has sent less than 200 notifications to affected users, they have yet to unveil the identity of the attackers or their sponsorship by any spyware vendor.

A History of Targeted Attacks

This is not the first instance of WhatsApp users becoming victims of government-sponsored spyware. In a landmark case, a U.S. court ordered the notorious NSO Group to compensate WhatsApp with $167 million due to a 2019 hacking campaign that exploited vulnerabilities to install Pegasus spyware on over 1,400 devices. WhatsApp argued it was a violation of hacking laws and their terms of service.

Spying Campaigns Under the Spotlight

Earlier this year, WhatsApp thwarted another spyware initiative targeting around 90 users, notably journalists and civil society members in Italy. Though the Italian government denied involvement, the company behind the spyware, Paragon, ceased operations in the country after refusing to investigate the misuse of their tools.

Stay Vigilant!

Did you receive a notification about a compromised device? If so, it's crucial to stay alert and secure your information. Communication can be done securely via Signal with user zackwhittaker.1337. Stay safe out there!