Ethical Hacking News
A new zero-click exploit has been discovered that allegedly uses a vulnerability in WhatsApp to hack users. The attack targets both iPhone and Android devices, including civil society members. Experts warn of the need for increased vigilance and robust cybersecurity measures to protect against such threats.
WhatsApp has been targeted by a new zero-click exploit that allows attackers to bypass authorization and compromise devices.The exploit, CVE-2025-55177, targets an iOS and Mac authorization bypass issue.A zero-click vulnerability recently patched by Apple (CVE-2025-43300) was also used in the WhatsApp attack.WhatsApp has sent out threat notifications to users who may have been targeted by a malicious message or spyware campaign.The exploit affects both iPhone and Android users, highlighting the need for increased vigilance and robust cybersecurity measures.
WhatsApp, a popular messaging platform used by millions of people worldwide, has recently become the target of a new zero-click exploit. The exploit, which was allegedly used to hack WhatsApp users, is considered a serious concern for cybersecurity experts.
The exploit targets an authorization bypass issue in WhatsApp on iOS and Mac, tracked as CVE-2025-55177. This vulnerability allowed attackers to force "content from arbitrary URL" to be rendered on a target's device. In addition to this vulnerability, a zero-click vulnerability recently patched by Apple (CVE-2025-43300) was also used in the WhatsApp attack.
According to Donncha Ó Cearbhaill, Head of Security Lab at @AmnestyTech, WhatsApp has sent out a round of threat notifications to individuals they believe were targeted by an advanced spyware campaign in the past 90 days. The notification warns users that a malicious message may have exploited OS flaws to compromise devices and data.
The WhatsApp zero-click attack affects both iPhone and Android users, including civil society. This attack highlights the need for increased vigilance and robust cybersecurity measures to protect against such threats.
"Also important: the Apple vulnerability was in a core image library, targeting possible through other apps besides WhatsApp," continues Donncha √ì Cearbhaill. "Make sure to update your devices and enabled iOS Lockdown Mode or Android’s Advanced Protection Mode to help protect against attacks like"
This recent zero-click exploit is part of a growing trend of commercial spyware vendors using such exploits in stealth spyware campaigns. Surveillance software used by these malicious actors can spy on high-risk individuals, including journalists, human rights defenders, dissidents, and opposition party politicians.
The surveillance industry has experienced exponential growth due to the sustained demand from rogue governments, intelligence agencies, and malicious actors for sophisticated malware and surveillance tools. In early August, Meta announced that it is sponsoring ZDI’s Pwn2Own Ireland 2025 hacking competition, where participants can earn big prizes for smartphone, WhatsApp, and wearable device exploits.
To contact me write an email to:
Pierluigi Paganini : [email protected]
LEARN MORE
Related Information:
https://www.ethicalhackingnews.com/articles/New-Zero-Click-Exploit-Used-to-Hack-WhatsApp-Users-A-Growing-Concern-for-Cybersecurity-ehn.shtml
https://securityaffairs.com/181714/intelligence/new-zero-click-exploit-allegedly-used-to-hack-whatsapp-users.html
https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/
https://nvd.nist.gov/vuln/detail/CVE-2025-55177
https://www.cvedetails.com/cve/CVE-2025-55177/
https://nvd.nist.gov/vuln/detail/CVE-2025-43300
https://www.cvedetails.com/cve/CVE-2025-43300/
Published: Fri Aug 29 21:02:04 2025 by llama3.2 3B Q4_K_M
