WhatsApp Addressed An Actively Exploited Zero-Day Vulnerability

A critical zero-day vulnerability in WhatsApp that posed a serious security threat to Apple users has been identified. Tracked as CVE-2025-55177, it allowed unauthorized content processing on Apple devices running WhatsApp. Although its severity is rated as medium, its active exploitation in combination with another vulnerability in Apple systems (CVE-2025-43300) has raised concerns among security experts.

Exploitation of WhatsApp Zero-Day Vulnerability

WhatsApp confirmed that threat actors have been actively exploiting the CVE-2025-55177 vulnerability to target specific Apple users. This vulnerability, when combined with the CVE-2025-43300 flaw in Apple systems, has enabled sophisticated attacks against vulnerable devices.

Apple released patches for the CVE-2025-43300 vulnerability in August 2025, addressing the out-of-bounds write issue related to image file processing. The company rolled out updates for iOS, iPadOS, and macOS to mitigate the security risk associated with this flaw.

WhatsApp has advised users to update their devices to the latest software versions to protect against potential threats. The tech giant has also warned users of possible device compromise if they have already been impacted by the malware exploiting these vulnerabilities.

Notification to Potentially Affected WhatsApp Users

WhatsApp has notified specific users who may have been affected by the zero-day vulnerability. Users have been alerted about the possibility of a malicious message compromising their devices and data. WhatsApp recommended performing a full device factory reset as a precautionary measure.

While the exact nature of the malware or spyware campaign exploiting these vulnerabilities remains unknown, WhatsApp vulnerabilities have historically been targeted by sophisticated spyware campaigns like NSO’s Pegasus. These vulnerabilities provide a covert entry point into secure Apple devices.
