Unsolicited intrusion on Apple devices via WhatsApp, employing a zero-click tactic

Unsolicited intrusion on Apple devices via WhatsApp, employing a zero-click tactic

WhatsApp Warns Users of Potential Malicious Messages and Security Vulnerability

WhatsApp users have been issued warning messages regarding potential malicious messages, according to recent reports. This issue affects various versions of the popular messaging app, including iOS Version 2.25.21.73 or older, WhatsApp Business for iOS Version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78 or older.

The security vulnerability, known as CVE-2025-55177, allows for code injection without user intervention. This vulnerability affects iPhones, iPads, and macOS computers, particularly when messages are automatically synchronized with devices.

Meta, the company behind WhatsApp, is currently updating various clients to address this issue. The vulnerability has been registered under EUVD-2025-26214 and has a CVSS score of 8.0, indicating a high risk.

The vulnerability affects the "Image I/O" library and allows executable code to be injected via manipulated images. This means that an attacker could potentially install spyware on a user's device via a URL, without requiring user confirmation – a so-called zero-click attack.

Donncha Ó Cearbhaill, head of the Security Lab at Amnesty International, has stated that the vulnerability has also been actively exploited. However, the name of the attacker who exploited the vulnerability has not been publicly disclosed in the available information.

It's important to note that iOS, iPadOS, and macOS should be updated immediately due to the operating system vulnerabilities. A full factory reset is also recommended for the affected device.

In addition, keeping the operating system and WhatsApp application up-to-date in the future is advised to prevent similar issues. The previously known security vulnerability CVE-2025-43300, which Apple closed last week, can be used in conjunction with the new vulnerability.

As reported by Meta, the vulnerability may have already been exploited. The activist writes on the X platform that it is unclear whether the affected device was successfully compromised.

While the relationship between the website & ct and the vulnerability is unclear, and the mention of Peertube lacks context, it's advisable for users to exercise caution when clicking on links or opening messages from unknown sources.

In conclusion, users are urged to update their WhatsApp and operating systems as soon as possible to mitigate these security risks. Staying vigilant and keeping software updated is key to maintaining the security of your digital devices.

Read also:

• Oxidative Stress in Sperm Abnormalities: Impact of Reactive Oxygen Species (ROS) on Sperm Harm
• Is it possible to receive the hepatitis B vaccine more than once?
• Transgender Individuals and Menopause: A Question of Occurrence?
• Genetically manipulated rabbits sprout ominous black horns on their heads