WhatsApp has rushed to patch a critical zero-day vulnerability that was actively exploited in targeted cyberattacks against journalists, activists, and other high-profile individuals over the past 90 days. The flaw allowed attackers to compromise devices without any user interaction, making it particularly dangerous for surveillance operations.
The vulnerability, tracked as CVE-2025-55177, affected WhatsApp for iOS (prior to v2.25.21.73), WhatsApp Business for iOS (v2.25.21.78), and WhatsApp for Mac (v2.25.21.78). The flaw stemmed from "incomplete authorization of linked device synchronization messages," enabling attackers to force WhatsApp into processing content from malicious URLs directly on victims' devices.
"We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users," WhatsApp stated in its security advisory.
The exploit chain leveraged Apple's recently patched CVE-2025-43300 zero-day, which Apple described as part of an "extremely sophisticated" spyware campaign. This combination created a powerful attack vector that required no victim interaction—no clicking links or opening messages.
Targeted Surveillance Campaign
Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, confirmed that WhatsApp recently issued threat notifications to individuals targeted in this advanced spyware campaign. The alerts warned that while WhatsApp blocked the specific attack path, malware might persist at the operating system level.
This marks WhatsApp's second major zero-day incident this year. In March 2025, the platform patched another vulnerability exploited to deliver Paragon's Graphite spyware, primarily targeting journalists and civil society members.
Security experts emphasize these aren't random cybercrimes but state-sponsored surveillance operations. Zero-click iOS exploits can cost millions on the exploit market, making them accessible primarily to governments targeting journalists, activists, politicians, and human rights defenders.
Immediate Action Required
Users should immediately update WhatsApp and their iOS/macOS systems. Those who received threat notifications should consider performing a complete factory reset to remove persistent malware. High-risk individuals, including journalists and activists, should enable Apple's Lockdown Mode for additional protection against sophisticated attacks.
The incident underscores how attackers increasingly combine multiple zero-day vulnerabilities across platforms to create undetectable surveillance tools, highlighting the ongoing arms race between security researchers and state-sponsored threat actors.