
WhatsApp patched a zero-click spyware bug used with an Apple flaw to hack iPhones and Macs. Here’s how the attack worked—and why you should update now.
WhatsApp has fixed a major security flaw that was being used to silently hack iPhones and Macs. The Meta-owned app confirmed that attackers exploited a zero-click vulnerability, which requires no action from the victim, to install spyware and steal data. The flaw, tracked as CVE-2025-55177, was used in combination with a separate Apple bug (CVE-2025-43300) that the iPhone maker patched last week.
Apple described its vulnerability as part of an “extremely sophisticated attack” against specific targeted users. Together, the two bugs gave hackers a way to send a malicious message through WhatsApp that could compromise the device and access sensitive data, including messages, photos, and files.
Amnesty International’s Security Lab, which has been investigating the spyware campaign, said it has been active since late May. Donncha Ó Cearbhaill, who leads the lab, described it as a zero-click exploit, meaning victims did not have to click links or open files for their devices to be compromised. Amnesty confirmed that WhatsApp threat notifications were sent to affected individuals over the past 90 days.
Meta spokesperson Margarita Franklin said WhatsApp detected and patched the flaw weeks ago. The company has since notified fewer than 200 users, although it is unclear who was behind the campaign or which spyware vendor was involved.
In its advisory, WhatsApp warned that a malicious message may have been sent to targeted users and recommended that they not only update to the latest app and OS versions but also consider performing a full device factory reset. While both Apple and WhatsApp have rolled out fixes, Meta cautioned that devices compromised earlier may still be at risk.
This isn’t the first time WhatsApp has been used as a vector for spyware delivery. In May, Israeli spyware firm NSO Group was ordered by a U.S. court to pay $167 million in damages for its 2019 Pegasus campaign, which hacked more than 1,400 WhatsApp users. Earlier this year, WhatsApp also disrupted a Paragon spyware campaign that targeted around 90 users in Italy, including journalists and civil society members.
For everyday users, the risks remain low since the attack was highly targeted. Still, the incident highlights the importance of keeping devices and apps up to date. With details of the flaws now public, outdated software is more likely to be exploited in opportunistic attacks. If you haven’t already, update WhatsApp and your Apple devices to the latest versions to stay protected.