WhatsApp and Apple Address Severely Hazardous 'One-Click' Flaw via Latest Security Revision; Learn How to Maintain Your Safety
In a significant development, Meta, the parent company of WhatsApp, has released a security update to address a series of vulnerabilities that were exploited in a highly sophisticated spyware campaign. The campaign, which lasted for about 90 days from late May, targeted a wide range of users, including activists, members of civil society, journalists, and human rights defenders.
The spyware campaign exploited a combined vulnerability in WhatsApp and Apple's operating system. On WhatsApp's end, the vulnerability, identified as CVE-2025-43300, was part of a "zero-click" exploit, allowing hackers to compromise a device without any action from the user. This bug was found in several versions of the platform, including WhatsApp for iOS before version 2.25.21.73, WhatsApp Business for iOS prior to version 2.25.21.78, and WhatsApp for Mac before version 2.25.21.78.
On Apple's side, the vulnerability, identified as CVE-2025-55177, could allow for memory corruption if a device processed a malicious image file.
The attacks, linked to state-sponsored actors, allowed hackers remote code execution and access to personal messages and data on iPhones and Macs. Fewer than 200 affected users of WhatsApp were notified of the potential breach due to the CVE-2025-43300 bug.
This type of attack, known as a zero-click attack, is among the most dangerous threats in the cyber world. Users often remain unaware that their device has been compromised in such an attack. Unlike regular cyberattacks, zero-click attacks can be carried out remotely, making them far more dangerous.
To protect devices, it's important to immediately update both WhatsApp and iPhone/iPad to the newest versions. It's also smart to be careful online, avoiding clicking on strange links or opening files from untrusted sources. A good habit is to always install security updates as soon as they are available to protect against new threats.
The WhatsApp and Apple security update was released to fix the 'Zero-Click Vulnerability' found on their platforms. It's crucial for users to apply these updates to safeguard their devices and personal data. While users have no preventive measures to take against zero-click exploits, being vigilant and prompt in applying updates can significantly reduce the risk of falling victim to such attacks.
