A Major Security Breach Uncovered

WhatsApp has revealed a significant security vulnerability in its iOS and Mac applications that has allowed hackers to stealthily infiltrate Apple devices of selected users. On Friday, the Meta-owned messaging giant announced it had patched the flaw, designated CVE-2025-55177, just as Apple addressed a related issue in its systems, indexed as CVE-2025-43300.

The Chilling Nature of the Attack

According to Apple, these vulnerabilities were exploited in an ‘extremely sophisticated’ campaign aimed at specific targets. It has come to light that numerous WhatsApp users fell victim to this combination of flaws. Donncha Ó Cearbhaill, who leads Amnesty International’s Security Lab, described the operation on social media as an 'advanced spyware campaign' that has been ongoing for nearly three months, catching users completely off guard.

Zero-Click Exploit: No Interaction Required!

Remarkably, these vulnerabilities constitute a 'zero-click' attack, meaning that the victim doesn't need to do anything—such as clicking a link—for their device to be compromised. This makes it particularly insidious, allowing attackers to deploy malicious exploits via WhatsApp to extract personal data from users' Apple devices.

The Impact on Users

Ó Cearbhaill shared a notification from WhatsApp that underscored the severity of the breach, revealing that the attack could 'compromise your device and the data it contains, including messages.' As of now, there's no clarity on the identity of the attackers or which spyware vendor is behind this troubling initiative.

WhatsApp's Response and Ongoing Threat

Meta's spokesperson, Margarita Franklin, confirmed that the company identified and fixed the issue a few weeks ago, notifying 'less than 200' affected users. When pressed for details about the potential attackers or entities involved, Franklin refrained from providing specifics.

A History of Targeted Attacks

This incident marks yet another chapter in the troubling saga of spyware targeting WhatsApp users. Just last May, a U.S. court mandated that the notorious spyware vendor NSO Group pay WhatsApp $167 million for a 2019 hacking spree that compromised over 1,400 of its users through its infamous Pegasus malware.

Earlier this year, WhatsApp thwarted another similar campaign aimed at around 90 individuals, including journalists and activists in Italy, although the Italian government denied involvement. In a dramatic twist, the spyware firm involved, Paragon, withdrew its hacking tools from Italy due to the government's lack of investigation into the abuse.

Have You Been Affected?

Did you receive a notification indicating your device was compromised? If so, don't hesitate to reach out securely via Signal at username zackwhittaker.1337.