WhatsApp Fixes Zero-Click Spyware Bug on Apple Devices

WhatsApp Fixes Zero-Click Spyware Bug on Apple Devices

WhatsApp has patched a dangerous “zero-click” spyware flaw that hackers used to target iOS and Mac users, raising new concerns about advanced cyberattacks.

What Happened?

WhatsApp confirmed it fixed a critical vulnerability, tracked as CVE-2025-55177, that allowed hackers to launch stealth spyware attacks on Apple devices. The exploit was chained with another flaw in iOS and macOS (CVE-2025-43300), which Apple had patched last week.

Unlike traditional malware, this was a zero-click attack — meaning victims didn’t have to click links or interact with messages for their devices to be compromised.

Who Was Targeted?

According to Amnesty International’s Security Lab, the spyware campaign began in late May 2025 and continued for 90 days. Fewer than 200 WhatsApp users worldwide were targeted, many of them journalists, activists, and other high-risk individuals.

The exploit could:

• Steal sensitive data, including messages and files
• Bypass normal Apple security protections
• Fully compromise an iPhone or Mac without warning

WhatsApp and Apple’s Response

• WhatsApp: Patched the flaw “a few weeks ago” and notified affected users.
• Apple: Confirmed the exploit was part of an “extremely sophisticated attack” against specific targets.
• Meta: Declined to name the group behind the spyware but confirmed it was not a mass hack.

This incident is similar to past campaigns involving Pegasus spyware by NSO Group, which exploited WhatsApp in 2019 and led to a $167 million judgment against NSO earlier this year.

Why It Matters

This attack highlights:

• The growing arms race in spyware tools
• The risk of zero-day exploits on even fully updated Apple devices
• The importance of fast patching and security updates

How to Stay Safe

• Update WhatsApp, iOS, and macOS immediately
• Enable automatic updates on all devices
• Be cautious with unknown contacts, even on trusted apps
• Monitor device behavior for unusual activity

Final Thoughts

The WhatsApp zero-click spyware attack shows how cybercriminals are evolving. While Meta and Apple acted quickly, the incident is a reminder that no device is entirely immune. For now, staying updated and security-aware is the best defense.