WhatsApp, the widely used messaging application owned by Meta, has resolved a critical security flaw in its iOS and Mac apps that was exploited to silently hack Apple devices of targeted users. The vulnerability, designated as CVE-2025-55177, was used in tandem with another flaw discovered in iOS and Mac systems, CVE-2025-43300, which Apple addressed last week. The attack, referred to as a ‘zero-click’ exploit, enables attackers to compromise devices without requiring any interaction from the user, facilitating data theft, including messages.
Donncha O Cearbhaill, the head of Amnesty International’s Security Lab, has detailed the campaign, which targeted users over the past 90 days, beginning from May. O Cearbhaill described the pair of bugs as a ‘zero-click’ attack, meaning it does not require any user interaction to compromise their device. According to O Cearbhaill, the attack was able to