
WhatsApp Patches Zero-Click Vulnerability Exploited in Targeted Attacks


WhatsApp recently addressed a critical security flaw in its iOS and Mac applications that facilitated zero-click attacks against a limited number of high-profile individuals. The vulnerability, identified as CVE-2025-55177, stemmed from incomplete authorization of linked device synchronization messages, which allowed an unauthorized user to trigger the processing of content from arbitrary URLs on a victim’s device. This flaw was reportedly exploited in conjunction with another vulnerability, CVE-2025-43300, patched in August 2025. This sophisticated attack, which has been active since late May 2025, enabled attackers to compromise devices without requiring any interaction from the victim.

Amnesty International’s Security Lab confirmed the existence of this advanced spyware campaign targeting Apple users. WhatsApp sent notifications to fewer than 200 affected users, indicating a highly targeted approach likely aimed at maximizing impact while minimizing detection. The data breach notifications revealed that compromised devices and their data, including messages, were likely accessed. Despite the sophisticated nature of the attack, the perpetrators remain unidentified.


The limited number of victims suggests a highly targeted campaign, possibly orchestrated by a state-sponsored actor or a similarly resourced group. Zero-click exploits are exceptionally rare and often associated with nation-state espionage targeting high-value individuals such as politicians, diplomats, journalists, and dissidents. The complexity of the attack, leveraging multiple vulnerabilities, underscores the importance of timely software updates and robust security practices.

The discovery of this vulnerability highlights the ongoing threat posed by sophisticated zero-click attacks. This incident follows the revelation in April 2025 of multiple vulnerabilities within Apple’s AirPlay protocol and SDK, some of which could also have facilitated zero-click attacks. As these attack methods continue to evolve, both software developers and users need to maintain vigilance and proactive security measures.
