WhatsApp Simply Patched a ‘Zero Click on’ Bug Being Used to Hack Apple Customers

On Friday, WhatsApp introduced that it had patched a software program vulnerability that was being utilized by unknown hackers to focus on particular customers of Apple merchandise and hack them with spyware and adware.

WhatsApp, which is owned by Meta, stated in an advisory that the beforehand unknown bug “might have been exploited in a complicated assault in opposition to particular focused customers.” The vulnerability is formally dubbed CVE-2025-55177.

TechCrunch notes that this week, WhatsApp mounted the bug whereas final week, Apple mounted one other bug, often known as CVE-2025-43300. Collectively, these vulnerabilities seem to have been the weak spots that allowed malicious spyware and adware assaults focusing on particular Apple customers, supposed to steal information from their units, the outlet writes.

Apple describes its bug as such: “Processing a malicious picture file might lead to reminiscence corruption. Apple is conscious of a report that this situation might have been exploited in an especially refined assault in opposition to particular focused people.” Gizmodo reached out to Apple and WhatsApp for extra data.

WhatsApp advised TechCrunch that it had notified “lower than 200 customers” that they might have been impacted by the marketing campaign. Donncha Ó Cearbhaill, head of Amnesty Worldwide’s Safety Lab, said that the notifications had been despatched out over the previous 90 days. “Our workforce at Amnesty Worldwide’s Safety Lab is actively investigating instances with a lot of people focused on this marketing campaign,” Cearbhaill stated on X. “We can be found to help members of civil society who’ve acquired the WhatsApp notifications.”

Zero-click assaults have change into more and more frequent and are horrifying as a result of, simply because the identify would recommend, they don’t require any lively phishing to penetrate into the internal contents of an individual’s cell OS. Typically, all a nasty actor must do is ship a malicious file (usually a picture), which may take over the telephone by itself. Over the past a number of years, malware able to zero-click assaults has been focused at journalists, activists, and authorities officers—a lot of it originating from companies based in Israel.