A newly disclosed zero-click vulnerability has been patched in WhatsApp for iOS and macOS, raising alarms about advanced spyware campaigns exploiting Apple devices.
The flaw, tracked as CVE-2025-55177, was discovered by WhatsApp’s internal security team and reportedly used in targeted attacks against civil society groups.
In its advisory, WhatsApp stated the bug “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”
Inside CVE-2025-55177: How the attack works
CVE-2025-55177 is caused by insufficient authorization of linked device synchronization messages. When exploited, the bug can force a device to process malicious content from an attacker-controlled URL.
Researchers believe the flaw may have been chained with CVE-2025-43300, a recently disclosed Apple ImageIO out-of-bounds write vulnerability. This pairing enabled attackers to corrupt memory and compromise devices with no user interaction — a classic zero-click exploit.
The vulnerability highlights ongoing risks in the mobile ecosystem where even trusted applications can become vectors for advanced surveillance.
Affected versions include:
- WhatsApp for iOS prior to 2.25.21.73 (patched Jul. 28, 2025)
- WhatsApp Business for iOS prior to 2.25.21.78 (patched Aug. 4, 2025)
- WhatsApp for Mac prior to 2.25.21.78 (patched Aug. 4, 2025)
WhatsApp has sent out in-app threat notifications related to this exploit to a small group of users.
This case underscores a persistent trend: Attackers are increasingly exploiting messaging platforms and mobile ecosystems through zero-click exploits that bypass traditional user-driven infection vectors. By chaining vulnerabilities across ecosystems, such as WhatsApp and Apple’s ImageIO framework, adversaries gain stealthy, persistent access to high-value targets.
Spyware remains a severe risk for vulnerable communities, and enterprises must remain vigilant. The WhatsApp exploit serves as a reminder that even widely used, “secure” apps are not immune.
Action plan: Steps to mitigate spyware risks
To mitigate the impact of advanced spyware campaigns and protect users against zero-click exploits, organizations must act swiftly and adopt a layered defense approach. Beyond simply applying patches, security teams should combine technical controls, monitoring, and user awareness to strengthen resilience.
The following steps provide actionable measures to reduce exposure and mitigate risk.
- Update WhatsApp to the latest patched versions.
- Factory reset devices if flagged as targeted.
- Monitor logs for suspicious activity.
- Use defense-in-depth with zero-trust and patching.
- Enforce baselines with mobile device management (MDM).
- Collect and analyze threat intel data.
- Train staff on spyware risks and reporting.
- Harden communication platforms with strict policies.
- Deploy mobile EDR for detection and forensics.
- Block malicious C2 traffic at the network level.
- Conduct third-party risk assessments.
For broader protection, review your incident response playbooks and ensure they account for zero-day and zero-click exploitation techniques.
When spyware campaigns leverage trusted apps, proactive patching and layered defenses are the only safeguards against silent compromise.