{“lastseen”:”2025-08-30T05:12:35″,”description”:”\\n\\nWhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks.\\n\\nThe vulnerability, **CVE-2025-55177** (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the WhatsApp Security Team have been credited with discovering and rerating the bug.\\n\\nThe Meta-owned company said the issue \\”could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.\\”\\n\\n\\n\\nThe flaw affects the following versions -\\n\\n * WhatsApp for iOS prior to version 2.25.21.73\\n * WhatsApp Business for iOS version 2.25.21.78, and\\n * WhatsApp for Mac version 2.25.21.78\\n\\n\\n\\nIt also assessed that the shortcoming may have been chained with CVE-2025-43300, a vulnerability affecting iOS, iPadOS, and macOS, as part of a sophisticated attack against specific targeted users.\\n\\nCVE-2025-43300 was disclosed by Apple last week as having been weaponized in an \\”extremely sophisticated attack against specific targeted individuals.\\”\\n\\nThe vulnerability in question is an out-of-bounds write vulnerability in the ImageIO framework that could result in memory corruption when processing a malicious image.\\n\\nDonncha \u00d3 Cearbhaill, head of the Security Lab at Amnesty International, said WhatsApp has notified an unspecified number of individuals that they believe were targeted by an advanced spyware campaign in the past 90 days using CVE-2025-55177.\\n\\nIn the alert sent to the targeted individuals, WhatsApp has also recommended performing a full device factory reset and keeping their operating system and the WhatsApp app up-to-date for optimal protection. It’s currently not known who, or which spyware vendor, is behind the attacks.\\n\\n\\n\\n\u00d3 Cearbhaill described the pair of vulnerabilities as a \\”zero-click\\” attack, meaning it does not require any user interaction, such as clicking a link, to compromise their device.\\n\\n\\”Early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them,\\” \u00d3 Cearbhaill said. \\”Government spyware continues to pose a threat to journalists and human rights defenders.\\”\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-08-30T04:36:00″,”modified”:”2025-08-30T04:36:47″,”type”:”thn”,”title”:”WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices”,”source”:””,”references”:””,”id”:”THN:3A65D63D8A66367916BBE9C07FC21461″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-43300″,”CVE-2025-55177″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/08\/whatsapp-issues-emergency-update-for.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-30T05:12:35″,”description”:”\\n\\nWhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,13,7,11,43,5],"class_list":["post-15194","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n