WhatsApp has released an urgent security update for its messaging applications on Apple devices, addressing a severe “zero-click” vulnerability that security researchers believe may have been actively exploited in the wild. The flaw, identified as CVE-2025-55177, affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS prior to version 2.25.21.78, and WhatsApp for Mac prior to version 2.25.21.78. The company is strongly urging all users on these platforms to update their applications immediately to protect themselves from potential compromise.
The vulnerability is particularly concerning due to its “zero-click” nature. This means a threat actor could potentially compromise a user’s device without any interaction from the victim, such as clicking a malicious link or opening a file. According to the official advisory, the flaw could have allowed an “unrelated user to trigger processing of content from an arbitrary URL on a target’s device.” This type of exploit is highly sophisticated and is often associated with state-sponsored attacks or advanced spyware campaigns, as it can be used to install malware or steal sensitive data, including messages and personal files.
The new vulnerability was reportedly used in conjunction with a separate flaw in Apple’s ImageIO framework, CVE-2025-43300, which was also recently patched. Amnesty International’s Security Lab head, Donncha Ó Cearbhaill, described the combination of the two vulnerabilities as a “zero-click” attack. The incident underscores the ongoing battle between tech companies and sophisticated cyber attackers who are constantly seeking new ways to bypass even the most secure systems.
While WhatsApp has stated that only a limited number of individuals were likely targeted, the risk remains for any user who has not yet updated their app. The company has already notified a small number of affected individuals and recommended that they perform a full device factory reset in addition to keeping their operating systems and applications up-to-date. For optimal protection, users should update their WhatsApp app from the Apple App Store or Mac App Store and enable automatic updates to ensure that future security fixes are applied promptly. This incident serves as a crucial reminder for all digital citizens about the importance of routine software updates as a primary defense against emerging cybersecurity threats.
