WhatsApp Fixes 'Zero-Click' Bug Used To Hack Apple Users With Spyware (techcrunch.com)
(Friday August 29, 2025 @05:21PM (BeauHD)
from the time-to-update dept.)
- Reference: 0178933158
- News link: https://it.slashdot.org/story/25/08/29/2020202/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware
- Source link: https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/
An anonymous reader quotes a report from TechCrunch:
> WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was [1]being used to stealthily hack into the Apple devices of "specific targeted users ." The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known [2]officially as CVE-2025-55177 , which was used alongside a separate flaw found in iOS and Macs, which Apple fixed last week and tracks as [3]CVE-2025-43300 .
>
> Apple said at the time that the flaw was used in an "extremely sophisticated attack against specific targeted individuals." Now we know that dozens of WhatsApp users were targeted with this pair of flaws. Donncha O Cearbhaill, who heads Amnesty International's Security Lab, described the attack in [4]a post on X as an "advanced spyware campaign" that targeted users over the past 90 days, or since the end of May. O Cearbhaill described the pair of bugs as a "zero-click" attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.
>
> The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that's capable of stealing data from the user's Apple device. Per O Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to "compromise your device and the data it contains, including messages." It's not immediately clear who, or which spyware vendor, is behind the attacks. When reached by TechCrunch, Meta spokesperson Margarita Franklin confirmed the company detected and patched the flaw "a few weeks ago" and that the company sent "less than 200" notifications to affected WhatsApp users. The spokesperson did not say, when asked, if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor.
[1] https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/
[2] https://www.whatsapp.com/security/advisories/2025/#content-wrapper
[3] https://support.apple.com/en-us/124925
[4] https://x.com/DonnchaC/status/1961444710620303653
> WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was [1]being used to stealthily hack into the Apple devices of "specific targeted users ." The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known [2]officially as CVE-2025-55177 , which was used alongside a separate flaw found in iOS and Macs, which Apple fixed last week and tracks as [3]CVE-2025-43300 .
>
> Apple said at the time that the flaw was used in an "extremely sophisticated attack against specific targeted individuals." Now we know that dozens of WhatsApp users were targeted with this pair of flaws. Donncha O Cearbhaill, who heads Amnesty International's Security Lab, described the attack in [4]a post on X as an "advanced spyware campaign" that targeted users over the past 90 days, or since the end of May. O Cearbhaill described the pair of bugs as a "zero-click" attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.
>
> The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that's capable of stealing data from the user's Apple device. Per O Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to "compromise your device and the data it contains, including messages." It's not immediately clear who, or which spyware vendor, is behind the attacks. When reached by TechCrunch, Meta spokesperson Margarita Franklin confirmed the company detected and patched the flaw "a few weeks ago" and that the company sent "less than 200" notifications to affected WhatsApp users. The spokesperson did not say, when asked, if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor.
[1] https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/
[2] https://www.whatsapp.com/security/advisories/2025/#content-wrapper
[3] https://support.apple.com/en-us/124925
[4] https://x.com/DonnchaC/status/1961444710620303653
Not really a zero click exploit (Score:2)
by 93 Escort Wagon ( 326346 )
To be exposed to this attack, the user first had to intentionally install the known malware vector known as WhatsApp.
My fix (Score:2)
My fix for "WhatsApp" is to never have installed it.
Re: (Score:2)
I wish I could have possessed your foresight on this matter.
Re: (Score:2)
No foresight. Just laziness.
From what I gather, it's some kind of chat program. I already have one, didn't see a point in another one.
Re: (Score:2)
It was the smell. It stunk of Facebook and so was easy to avoid.