{“lastseen”:”2025-09-01T19:01:16″,”description”:”WhatsApp says it has issued an update to patch a vulnerability that has been used in conjunction with an Apple vulnerability to target specific users and compromise their devices.\\n\\nReportedly, attackers used this exploit against dozens of WhatsApp users, and WhatsApp has notified those affected:\\n\\n\\n\\n\\u003e \u201cOur investigation indicates that a malicious message may have been sent to you through WhatsApp and combined with other vulnerabilities in your device\u2019s operating system to compromise your device and the data it contains, including messages.\\n\\u003e \\n\\u003e \\n\\u003e While we don\u2019t know with certainty that your device has been compromised, we wanted to let you know out of an abundance of caution so you can take steps to secure your device and information.\u201d\\n\\nWhatsApp advised the affected users to perform a full factory reset of their phone in order to make sure they are rid of the malware.\\n\\n\\n\\n\\u003e \u201cWe\u2019ve made changes to prevent this specific attack from occurring through WhatsApp. However, your device\u2019s operating system could remain compromised by the malware or targeted in other ways.\\n\\u003e \\n\\u003e \\n\\u003e To best protect yourself, we recommend a full device factory reset. We also strongly urge you to keep your devices updated to the latest version of the operating system, and ensure that your WhatsApp app is up to date.\u201d\\n\\nAccording to the Amnesty International Security Lab, the vulnerability was part of a zero-click attack against both iPhone and Android users. A zero-click attack is a type of attack which allows the cybercriminals to break into devices or apps without the victim needing to click, tap, or respond to anything. Unlike classic scams that rely on tricking someone into clicking a sketchy link, zero-click threats can land on a device simply because an app receives a message or notification crafted to exploit a hidden flaw.\\n\\n## Technical details\\n\\nThe zero-click attack required two vulnerabilities. \\n\\nFor iOS and Mac users these vulnerabilities were tracked as CVE-2025-43300 and lie in the Image I\/O framework, the part of macOS and iOS that an app needs to open or save a picture. The problem came from an out-of-bounds write. Apple stepped in and tightened the rules with better bounds checking, closing off the hole so attackers can no longer use it.\\n\\nAn out-of-bounds write vulnerability means that the attacker can manipulate parts of the device\u2019s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.\\n\\nIn this case, an attacker could construct an image to exploit the vulnerability. Processing such a malicious image file would result in memory corruption. Attackers can exploit memory corruption flaws to crash important processes or execute their own code.\\n\\nThe second vulnerability, CVE-2025-55177 for WhatsApp users, is caused by incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 and could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device.\\n\\n## What to do\\n\\nThe infection chain described in the security advisories from Apple and WhatsApp relies on two components: an Apple vulnerability (CVE-2025-43300) in the Image I\/O framework and a WhatsApp vulnerability (CVE-2025-55177) that allowed the hijacking of devices by synchronizing messages. \\n\\nAttackers exploited the Apple ImageIO bug via malicious image files, which is dangerous because this core library is used by multiple apps (not just WhatsApp) for opening and previewing pictures. In affected WhatsApp versions for iOS and Mac, the sync message bug could trigger arbitrary URL processing, creating a powerful combo for chaining exploits and compromising devices without any user action.\\n\\nWhile Android users were mentioned among potential targets in advanced spyware campaigns reported by Amnesty, the most severe zero-click risk described applies only to Apple devices. For Android, the WhatsApp vulnerability may have exposed users to attacks, but not via the same chained infection vectors. As always, updating WhatsApp and enabling advanced security features (like Google Advanced Protection on Android) is highly recommended. So is using security protection on your devices.\\n\\nIf you’ve received one of the notifications from WhatsApp, we\u2019d advise you to follow the instructions.\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.”,”published”:”2025-09-01T13:55:18″,”modified”:”2025-09-01T13:55:18″,”type”:”malwarebytes”,”title”:”WhatsApp fixes vulnerability used in zero-click attacks”,”source”:””,”references”:””,”id”:”MALWAREBYTES:EF1B95AB2E37DC06DEB79183928CE62E”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-43300″,”CVE-2025-55177″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/09\/whatsapp-fixes-vulnerability-used-in-zero-click-attacks”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-01T19:01:16″,”description”:”WhatsApp says it has issued an update to patch a vulnerability that has been used in conjunction with an Apple vulnerability to target specific users…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,115,13,7,11,5],"class_list":["post-15379","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n