Ethical Hacking News
WhatsApp has patched a critical vulnerability that was being exploited in sophisticated Apple user attacks, warning users that less than 200 may have been targeted. The platform is urging all users to install the patch immediately and offering support to those who have received notifications. This latest incident highlights the ongoing threat of zero-click attacks and the need for regular security updates and vigilance when it comes to protecting personal data.
WhatsApp disclosed a critical security vulnerability, CVE-2025-55177, which was being exploited by unknown hackers targeting specific Apple users. The bug was patched, and WhatsApp notified "less than 200 users" that they may have been impacted by the campaign. Malicious zero-click attacks have become increasingly common, allowing bad actors to steal data from devices without active phishing. The vulnerability has raised concerns about Apple product security and the importance of regular software updates and vigilance in protecting personal data.
WhatsApp, a popular messaging and social media platform owned by Meta, has recently disclosed a critical security vulnerability that was being exploited by unknown hackers to target specific users of Apple products. In an urgent advisory, WhatsApp revealed that it had patched the previously unknown bug, officially dubbed CVE-2025-55177, which may have been used in sophisticated attacks against targeted users.
According to TechCrunch, this week, WhatsApp fixed the bug while last week, Apple fixed another bug, known as CVE-2025-43300. Together, these vulnerabilities appear to have been the weak spots that allowed malicious spyware attacks targeting specific Apple users, intended to steal data from their devices. This is not an isolated incident, as zero-click attacks have become increasingly common and are frightening because they don’t require any active phishing to penetrate into the inner contents of a person’s mobile OS.
Often, all a bad actor needs to do is send a malicious file (often an image), which can take over the phone by itself. Over the last several years, malware capable of zero-click attacks has been targeted at journalists, activists, and government officials—much of it originating from companies based in Israel.
In this latest incident, WhatsApp notified “less than 200 users” that they may have been impacted by the campaign. Donncha Cearbhaill, head of Amnesty International’s Security Lab, said that the notifications had been sent out over the past 90 days. "Our team at Amnesty International’s Security Lab is actively investigating cases with a number of individuals targeted in this campaign," Cearbhaill said on X. “We are available to support members of civil society who have received the WhatsApp notifications.”
The revelation has raised concerns about the vulnerability of Apple products and the potential for malicious attacks. It highlights the importance of regular software updates and security patches, as well as the need for users to be vigilant when it comes to protecting their personal data.
In response to this incident, WhatsApp has taken steps to address the issue and protect its users. The platform's patch has been made available to all users, with instructions provided on how to install it. Additionally, WhatsApp is actively investigating cases involving targeted attacks and working with law enforcement agencies to bring those responsible to justice.
This incident serves as a reminder of the ongoing threat posed by sophisticated cyber attacks and the need for individuals and organizations to prioritize security and take proactive steps to protect themselves.
Related Information:
https://www.ethicalhackingnews.com/articles/WhatsApp-Reveals-Urgent-Patch-for-Vulnerability-Exploited-in-Sophisticated-Apple-User-Attacks-ehn.shtml
https://gizmodo.com/whatsapp-zero-click-bug-apple-cybersecurity-2000650896
https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/
https://nvd.nist.gov/vuln/detail/CVE-2025-55177
https://www.cvedetails.com/cve/CVE-2025-55177/
https://nvd.nist.gov/vuln/detail/CVE-2025-43300
https://www.cvedetails.com/cve/CVE-2025-43300/
Published: Sat Aug 30 11:04:11 2025 by llama3.2 3B Q4_K_M
