Meta Patches WhatsApp Zero-Day Vulnerability Linked to Apple Zero-Day Exploit Chain

by | Sep 1, 2025 | News

Meta Patches WhatsApp Zero-Day Vulnerability Linked to Apple Zero-Day Exploit Chain

Post Views: 146




Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Patreon
Reading Time: 3 Minutes

Vulnerability Overview

WhatsApp has patched a high-severity vulnerability (CVE-2025-55177) in its iOS and macOS apps that may have been actively exploited in targeted zero-day attacks.

  • Type: Insufficient authorization in linked device synchronization
  • Impact: Could allow an attacker to trigger processing of content from an arbitrary URL on a target device
  • Severity: CVSS 8.0 (CISA-ADP) / 5.4 (Meta Security)
  • Discovery: WhatsApp Security Team

Affected Versions and Fixes

The flaw affected multiple WhatsApp builds prior to recent updates:

  • WhatsApp for iOS: versions before 2.25.21.73 (patched July 28, 2025)
  • WhatsApp Business for iOS: version 2.25.21.78 (patched August 4, 2025)
  • WhatsApp for Mac: version 2.25.21.78 (patched August 4, 2025)

Users are strongly urged to update to the latest versions immediately.

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses




Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Connection to Apple Zero-Day (CVE-2025-43300)

Meta assessed that CVE-2025-55177 may have been chained with CVE-2025-43300, a recently disclosed Apple zero-day in the ImageIO framework that allows memory corruption via a malicious image.

Apple described CVE-2025-43300 as being used in an “extremely sophisticated attack against specific targeted individuals.”

Together, the two flaws could be combined into a zero-click exploit chain requiring no user interaction.

Targets and Threat Actor Activity

  • WhatsApp notified fewer than 200 users that they may have been targeted.
  • Targets included civil society members, journalists, and human rights defenders, consistent with advanced spyware campaigns.
  • Amnesty International confirmed WhatsApp had alerted individuals likely compromised in the past 90 days.

While the attacker’s identity remains unknown, the tactics align with government-grade spyware vendors.

Trending: Using Favicon for OSINT




Trending: Offensive Security Tool: smugglo

Mitigation and Recommendations

WhatsApp’s guidance for high-risk users:

  • Perform a full factory reset of devices suspected to be targeted
  • Keep iOS/macOS fully updated
  • Always run the latest WhatsApp release
  • Consider restricting linked devices and reviewing account security

Trending: Sni5Gect Attack Framework Can Downgrade 5G Connections Without Rogue Base Stations

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: thehackernews.com

Source Link

Merch

Recent News

EXPLORE OUR STORE

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This