WhatsApp has fixed a serious zero-click security flaw that was used to target Apple users with advanced spyware.
The bug, tracked as CVE-2025-55177, allowed hackers to break into iPhones and Macs through WhatsApp without the victim clicking on anything.
According to Amnesty International’s Security Lab, the attack campaign began in late May and lasted around 90 days. By combining the WhatsApp flaw with another Apple bug (CVE-2025-43300), attackers were able to secretly install spyware and steal private data, including messages.
Meta, the parent company of WhatsApp, confirmed that it patched the issue weeks ago and notified fewer than 200 people who were targeted. Most of the victims are believed to be individuals linked to civil society groups.
Security experts are urging all iOS and macOS users to update WhatsApp and Apple software immediately to stay protected. Zero-click exploits are particularly dangerous because they do not require any user interaction, making them difficult to detect.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
