WhatsApp and Apple issue emergency update for advanced spyware campaign


WhatsApp has announced that crooks may have exploited a security vulnerability in its messaging apps for Apple iOS and macOS to execute a spyware campaign.

The vulnerability, tracked as CVE-2025-55177, could have allowed threat actors to trigger the processing of harmful content from external URLs hidden in seemingly ordinary messages on a target's device.

According to the company, it relates to insufficient authorization of linked device synchronization messages.

The issue affected certain versions of WhatsApp for iOS and Mac:

  • WhatsApp for iOS before v2.25.21.73
  • WhatsApp Business for iOS v2.25.21.78
  • WhatsApp for Mac v2.25.21.78

“We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users,” WhatsApp said.

The previously disclosed CVE-2025-43300 vulnerability, an out-of-bounds write vulnerability in the ImageIO framework, allowed the recipient to execute arbitrary code rather than view the attachment when opening image files in WhatsApp.

In April, the messaging platform patched this dangerous spoofing issue, which allowed crooks to send executables that appeared to recipients as images, PDFs, or other files. The company said it had not seen any evidence of exploitation, but added:

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.”
