How the Zero-Click Exploit Works
Meta fixes actively exploited flaw chained with recent Apple bug; high-risk users urged to update immediately
Meta has shipped an emergency WhatsApp update to fix CVE-2025-55177, a zero-click vulnerability exploited against selected iOS and macOS users, likely in tandem with Apple CVE-2025-43300. Researchers say the campaign targeted dozens of people over roughly 90 days. Users should update to the latest iOS and Mac builds now and review device security.
WhatsApp has patched a zero-click vulnerability, tracked as CVE-2025-55177, that was actively exploited in targeted spyware attacks—often chained with Apple’s CVE-2025-43300—prompting urgent update warnings for iPhone and Mac users worldwide.
Key Developments
- What happened: WhatsApp fixed a flaw abused in the wild to compromise specific users of its iOS and macOS apps via zero-click techniques. Apple’s CVE-2025-43300 ImageIO bug was reportedly used in the same attack chain.
- Who’s affected: Targeted iPhone and Mac users—particularly high-risk groups such as journalists, activists, and civil society members. WhatsApp says it notified impacted individuals.
- Fix versions: WhatsApp for iOS 2.25.21.73 and later, WhatsApp Business for iOS 2.25.21.78, and WhatsApp for Mac 2.25.21.78 and later include the patch. Update immediately.
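For teams that manage many devices, the fix versions above can be checked against an app inventory export. The following is an added example, not code from WhatsApp or from the cited reports; the CSV columns and product labels are assumptions, the sample rows are constructed, and each listed build is treated as the minimum patched version.

```python
# Added example: flag inventory rows still below the fixed WhatsApp builds.
import csv
import io

# First patched build per product, as listed in this article.
FIXED = {
    "whatsapp-ios": "2.25.21.73",
    "whatsapp-business-ios": "2.25.21.78",
    "whatsapp-mac": "2.25.21.78",
}

# Constructed sample export; column names and product labels are assumptions.
SAMPLE_INVENTORY = """device,product,version
iphone-01,whatsapp-ios,2.25.21.73
iphone-02,whatsapp-ios,2.25.20.81
iphone-03,whatsapp-business-ios,2.25.21.73
mac-01,whatsapp-mac,2.25.22.4
mac-02,whatsapp-mac,unknown
ipad-01,signal-ios,7.60
"""


def parse_version(text):
    """Turn '2.25.21.73' into (2, 25, 21, 73); None if not purely numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Return {device: status} for the products tracked in FIXED only."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["product"])
        if fixed is None:
            continue  # not a product covered by this advisory
        installed = parse_version(row["version"])
        if installed is None:
            results[row["device"]] = "review"  # unreadable version: check by hand
        elif installed < parse_version(fixed):  # numeric, per-component compare
            results[row["device"]] = "vulnerable"
        else:
            results[row["device"]] = "patched"
    return results


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Versions are compared component by component as integers, so 2.25.22.4 correctly ranks above 2.25.21.78, and the same build number can be patched for one product and vulnerable for another.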
“This zero-click chain is another reminder that mobile devices are prime targets for precision surveillance,” said Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab. He noted WhatsApp had recently informed an unspecified number of targeted users. (The Hacker News)
A WhatsApp spokesperson said the company “rolled out protections as soon as we confirmed exploitation” and has been working with partners to notify and safeguard affected users. (BleepingComputer)
“Messaging apps now underpin critical communications. A WhatsApp zero-day chained with an Apple bug elevates the risk from personal privacy to national-security relevance,” said El Mostafa Ouchen, cybersecurity author and analyst. “Rapid patching, device hardening, and ongoing threat monitoring are non-negotiable for at-risk users.”
Technical Analysis
Vulnerabilities and chaining.
- CVE-2025-55177 (WhatsApp): A zero-click flaw abused against iOS and macOS clients in a targeted campaign. WhatsApp said it was exploited in the wild.
- CVE-2025-43300 (Apple): An ImageIO out-of-bounds write leading to memory corruption when handling malicious images; Apple said it was weaponized in “extremely sophisticated” attacks.
Likely attack path (based on public reports):
- Delivery via malicious content that required no tap (zero-click) to trigger parsing,
- Client execution on WhatsApp (CVE-2025-55177), potentially enabling device foothold,
- Privilege and data access extended by exploiting Apple’s ImageIO bug (CVE-2025-43300), enabling surveillance modules.
MITRE ATT&CK mapping (inferred):
- T1203 – Exploitation for Client Execution (WhatsApp client exploit),
- T1056 – Input Capture (spyware key/audio capture),
- T1040/T1041 – Network Sniffing/Exfiltration over C2 (data theft channels),
- T1027 – Obfuscated/Encrypted Files (anti-analysis/stealth).
(Techniques mapped from behaviors reported across zero-click mobile spyware cases and the public write-ups cited.)
Indicators & scope.
Reports indicate dozens of targets over roughly 90 days. WhatsApp issued in-app notifications to those believed impacted.
Impact & Response
- User impact: Potential compromise of messages, device sensors (mic/camera), and account metadata for targeted individuals.
- Vendor actions: Emergency patches pushed to iOS and Mac; outreach to victims and cooperation with partners.
- User actions now:
  - Update WhatsApp to the latest iOS/Mac versions immediately, and apply the latest Apple security updates addressing CVE-2025-43300.
  - Consider iPhone Lockdown Mode (or hardened profiles on other platforms) for high-risk users; audit app permissions and check for unusual battery/network behavior.
- Regulatory outlook: Given the civil-society targeting, privacy regulators and CERTs are expected to examine disclosure timelines and cross-border notification.
Background
WhatsApp has previously faced high-profile spyware incidents—including zero-click cases—spurring periodic legal and policy battles and a standing cat-and-mouse with commercial surveillance vendors. The latest campaign reinforces that Apple platform hardening and third-party app defenses must advance in lockstep to blunt exploit chains.
What’s Next
WhatsApp and external researchers are continuing attribution and scope analysis. Users should keep auto-updates on and monitor advisories for new indicators of compromise. Expect more granular technical details in forthcoming vendor bulletins and mobile forensics reports.
Sources
- The Hacker News: WhatsApp patches CVE-2025-55177; possible chaining with Apple CVE-2025-43300.
- BleepingComputer: Affected versions and zero-click exploitation details.
- TechCrunch/TechRadar/Malwarebytes: Active exploitation, targeting, and user guidance.
- THN Weekly Recap: Additional confirmation of exploit nature.