Subj : WhatsApp security warning - zero-click bug hits Apple users with To : All From : TechnologyDaily Date : Mon Sep 01 2025 16:00:09 WhatsApp security warning - zero-click bug hits Apple users with spyware, so update now Date: Mon, 01 Sep 2025 14:42:53 +0000 Description: Flaw reportedly required no interaction from the victim. FULL STORY ======================================================================Hackers have been targeting WhatsApp users on iOS and Mac The threat actors abused a new bug which enabled zero-click attacks Meta apparently sent less than 200 cyberattack warning notifications WhatsApp has patched a high-severity vulnerability in its iOS and Mac applications which was apparently used in zero-click attacks against a handful of high-profile individuals. In a security advisory, the company said it fixed CVE-2025-55177, an incomplete authorization of linked device synchronization messages in WhatsApp bug which, could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a targets device. This bug was allegedly chained with a separate flaw, fixed earlier in August, tracked as CVE-2025-43300. These two were used in a sophisticated attack against specific targeted users. Targeting high-profile individuals Head of the Amnesty Internationals Security Lab, Donncha Cearbhaill, said on X that an advanced spyware campaign has been active since the end of May 2025, targeting Apple users with a zero-click attack that requires no interaction from the victim, TechCrunch reported. The same source posted a copy of the data breach notification letter WhatsApp sent to affected individuals, in which it was said that their device, and the data it contains (including messages) were most likely compromised. At press time, no threat actors assumed responsibility for this attack, and the researchers were not yet able to attribute it to anyone. However, Meta spokesperson Margarita Franklin told TechCrunch the company had sent out less than 200 notifications. This could mean the attacks were highly targeted, possibly to maximize its efficiency and not draw too much attention from the cybersecurity community. Zero-click attacks are few and far apart, and when they do pop up, they are usually abused by nation-states in espionage campaigns against politicians and diplomats, journalists, dissidents, government agents, military and defense personnel, and similar. In late April 2025, researchers found Apples AirPlay Protocol and AirPlay Software Development Kit (SDK) carrying numerous vulnerabilities that could have been abused to run remote code execution (RCE) attacks, man-in-the-middle (MitM) attacks, or denial of service (DoS) attacks. Some of these vulnerabilities could have been used in zero-click attacks, too. Via TechCrunch You might also like Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-click RCE attacks, so patch now Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/whatsapp-security-warning-zero-click-bu g-hits-apple-users-with-spyware-so-update-now --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .