WhatsApp has confirmed it has fixed a serious security flaw in its iOS and Mac apps, following an advanced spyware campaign that targeted dozens of users over a three-month period. Experts have described the attack as “extremely sophisticated,” prompting urgent warnings for iPhone users to update immediately.
The vulnerability, tracked as CVE-2025-55177, is a “zero-click” flaw, meaning victims did not need to interact with any link for their devices to be compromised, explained Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab. Attackers could access messages and other sensitive data without any user action.
WhatsApp’s advisory notes that the bug, combined with an OS-level flaw on Apple devices (CVE-2025-43300), allowed attackers to trigger processing of content from arbitrary URLs. In simpler terms, malware or spyware could be delivered under the guise of harmless-looking links.
Ó Cearbhaill added that early indications show both iPhone and Android users were affected, including civil society individuals. The attackers remain unidentified.
Meta sent personalised warnings to potentially affected users, advising them to update WhatsApp and iOS to the latest versions or perform a full factory reset if needed. Recommended updates include v2.25.21.73 for iOS and v2.25.21.78 for Mac.
Users were also advised to enable iOS Lockdown Mode or Android’s Advanced Protection Mode for extra security.
The campaign highlights the growing sophistication of cyber threats. Although it was initially thought to affect only iOS and macOS, evidence suggests Android devices may also be at risk. The incident underscores the critical importance of prompt updates and protective measures to safeguard personal data.
WhatsApp is rolling out a feature to protect users from group chat scams that could target bank accounts. It applies to anyone invited to a group chat by someone they might not know.
How the new safety overview works
The app will display a “safety overview” before users can view messages. It includes:
Group creation date, inviter, and member count
Scam warnings and tips to limit group invitations
Options to exit the group immediately or view the chat for more information
This builds on the context card feature introduced last year but adds an interstitial warning for unfamiliar invites.
According to The Sun, WhatsApp’s new safety overviews are part of its ongoing efforts to tackle scams. In June, the platform, in partnership with Meta and OpenAI, shut down a criminal scam operation in Cambodia that used AI to lure victims into fraudulent WhatsApp groups.
