Ethical Hacking News
WhatsApp has patched a critical zero-day vulnerability that could have allowed attackers to compromise iOS and macOS devices by triggering the processing of malicious content from arbitrary URLs. The vulnerability, identified as CVE-2025-55177, has been rated with a CVSS score of 8.0 and was discovered by internal researchers on the WhatsApp Security Team.
WhatsApp has issued an emergency update to patch CVE-2025-55177, a critical vulnerability that could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device. The vulnerability relates to insufficient authorization of linked device synchronization messages and was discovered by internal researchers on the WhatsApp Security Team. WhatsApp has notified an unspecified number of individuals who were believed to have been targeted by this advanced spyware campaign using CVE-2025-55177. The patch for this vulnerability was released on July 28, 2025 (for iOS) and August 4, 2025 (for macOS). WhatsApp recommends keeping operating system and app up-to-date for optimal protection against similar attacks.
In a move to address the growing concern of targeted zero-day attacks, WhatsApp has issued an emergency update to patch a critical vulnerability that could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device. The vulnerability, identified as CVE-2025-55177, was discovered by internal researchers on the WhatsApp Security Team and has been rated with a CVSS score of 8.0.
The CVE-2025-55177 vulnerability relates to insufficient authorization of linked device synchronization messages, which could have potentially been exploited in conjunction with another recently disclosed Apple flaw (CVE-2025-43300) as part of a sophisticated attack against specific targeted users. This exploit was reportedly used in an "extremely sophisticated attack" that aimed to compromise the security of both iPhone and Android devices.
According to Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International, WhatsApp has notified an unspecified number of individuals who were believed to have been targeted by this advanced spyware campaign using CVE-2025-55177. The affected users were reportedly told to perform a full device factory reset and to keep their operating system and the WhatsApp app up to date for optimal protection.
The WhatsApp Security Team acknowledged that the vulnerability could have been chained with CVE-2025-43300, which Apple disclosed last week as having been weaponized in an "extremely sophisticated attack against specific targeted individuals." CVE-2025-43300 is an out-of-bounds write vulnerability in the ImageIO framework that results in memory corruption when a malicious image is processed.
The WhatsApp patch for this vulnerability was released on July 28, 2025 (for iOS) and August 4, 2025 (for macOS). The company has also recommended that users keep their operating system and the WhatsApp app up-to-date for optimal protection against similar attacks.
It's worth noting that the impact of this exploit is not limited to the targeted individuals. According to Ó Cearbhaill, "Government spyware continues to pose a threat to journalists and human rights defenders." This highlights the need for users to remain vigilant when it comes to cybersecurity and to regularly update their software and apps.
As the cyber landscape continues to evolve with new threats emerging daily, WhatsApp's proactive approach in addressing this vulnerability serves as a reminder of the importance of staying informed and taking steps to protect ourselves against potential security risks.
Related Information:
https://www.ethicalhackingnews.com/articles/WhatsApp-Patches-Critical-Zero-Click-Exploit-Targeting-iOS-and-macOS-Devices-ehn.shtml
https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html
https://nvd.nist.gov/vuln/detail/CVE-2025-55177
https://www.cvedetails.com/cve/CVE-2025-55177/
https://nvd.nist.gov/vuln/detail/CVE-2025-43300
https://www.cvedetails.com/cve/CVE-2025-43300/
Published: Sun Aug 31 06:18:49 2025 by llama3.2 3B Q4_K_M