WhatsApp addresses zero-day vulnerability exploited in complex hacking operation, specifically designed for Apple devices
WhatsApp users have once again become the target of government-grade spyware, as a sophisticated attack campaign leveraged a zero-day vulnerability to compromise devices and access user data.
The attack, which targeted specific individuals, combined a vulnerability in WhatsApp with a separate flaw in Apple's operating systems. The vulnerability in WhatsApp, CVE-2025-55177, existed in the way the messaging app handled linked device synchronization messages. This flaw could allow an attacker to trigger the processing of content from an arbitrary URL on a target device.
The initial entry point for the attack was through WhatsApp on iOS and macOS. WhatsApp has patched the vulnerability that was used in the attack, and is sending threat notifications to individuals it believes were targeted by the advanced spyware campaign within the last 90 days.
Apple has also patched the separate flaw (CVE-2025-43300) that was used in the attack last week.
WhatsApp disrupted a similar spyware campaign earlier this year, targeting around 90 users, including journalists and civil society members in Italy. In May, a U.S. court ordered spyware maker NSO Group to pay WhatsApp $167 million in damages for a 2019 hacking campaign. However, it is not immediately clear who is behind the current attacks or which spyware vendor was involved.
Reports indicate that dozens of WhatsApp users were targeted with this pair of vulnerabilities. The attacks on WhatsApp users exploiting a chain of security vulnerabilities, including CVE-2025-55177, were carried out by the "Fire Ant" cyber spies, a state-affiliated hacker group reportedly involved in highly targeted zero-click iPhone attacks.
WhatsApp urges affected users to take immediate action to secure their devices. Users who have not yet updated their apps are encouraged to do so as soon as possible. By updating to the latest version, users can ensure that they are protected against this vulnerability and any other potential threats.
Apple did not immediately respond to requests for comment. The Italian government has denied involvement in the spyware campaign.
