On August 29, WhatsApp introduced that it had patched a safety vulnerability in its iOS and Mac apps that was being exploited to secretly entry the units of “particular focused customers.”
The Meta-owned messaging platform stated in its advisory that the flaw, recognized as CVE-2025-55177, has been fastened. Apple had addressed a associated problem final week, tracked as CVE-2025-43300, which was exploited alongside the WhatsApp bug in what the corporate described as a “very subtle assault towards particular focused people.”
In keeping with Amnesty Worldwide’s Safety Lab chief Donncha Ó Cearbhaill, the marketing campaign ran for about 90 days beginning late Might and concerned an “superior adware operation.” One of many vulnerabilities enabled a “zero-click” exploit, permitting attackers to contaminate a tool with out requiring any motion from the sufferer.
Ó Cearbhaill stated the assault chain allowed hackers to make use of WhatsApp as a supply vector to steal knowledge from iPhones, together with messages and different delicate data. WhatsApp additionally despatched warning notifications to affected customers. The identities of the attackers or adware distributors behind the marketing campaign stay unknown.
Meta spokesperson Margarita Franklin informed JHB the flaw was patched “just a few weeks in the past” and confirmed that fewer than 200 WhatsApp customers had been notified. She declined to touch upon attribution.
This isn’t the primary time WhatsApp has been exploited in government-linked adware operations. In Might, a U.S. courtroom ordered Israeli adware maker NSO Group to pay WhatsApp $167 million in damages over its 2019 Pegasus marketing campaign, which contaminated greater than 1,400 units.
Earlier this 12 months, WhatsApp additionally disrupted a adware marketing campaign concentrating on round 90 customers, together with Italian journalists and civil society representatives. The Italian authorities denied involvement, and adware maker Paragon later lower off Italy’s entry to its hacking instruments.
© IE On-line Media Providers Pvt Ltd