- Hackers have been targeting WhatsApp users on iOS and Mac
- The threat actors abused a new bug that enabled zero-click attacks
- Meta reportedly sent less than 200 cyberattack warning notifications
WhatsApp has patched a high-severity vulnerability in its iOS and Mac applications that was apparently used in zero-click attacks against a handful of high-profile individuals.
In a security notice, the company said that it fixed CVE-2025-55177, an “incomplete authorization of linked device synchronization messages” in WhatsApp that “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device.”
This bug was reportedly chained with a separate flaw, fixed in early August, tracked as CVE-2025-43300. The two were used “in a sophisticated attack against specific users.”
Targeting high-profile individuals
The head of Amnesty International's Security Lab, Donncha Ó Cearbhaill, said on X that an “advanced spyware campaign” has been active since the end of May 2025, targeting Apple users with a “zero-click” attack that requires no interaction from the victim, TechCrunch reported.
The same source published a copy of the data breach notification letter that WhatsApp sent to the affected people, which said that their device and the data it contains (including messages) were probably compromised.
At the time of publication, no threat actor had claimed responsibility for the attack, and researchers had not yet been able to attribute it to anyone.
However, spokeswoman Margarit Franklin told TechCrunch the company had sent “less than 200” notifications.
This could mean that the attacks were highly targeted, possibly to maximize their efficiency and avoid attracting too much attention from the cybersecurity community.
Zero-click attacks are very rare, and when they appear, they are generally abused by nation-states in espionage campaigns against politicians and diplomats, journalists, dissidents, government agents, military and defense personnel, and the like.
At the end of April 2025, researchers found numerous vulnerabilities in the Apple AirPlay protocol and the AirPlay software development kit (SDK) that could have been abused for remote code execution (RCE), man-in-the-middle (MITM) or denial-of-service (DoS) attacks. Some of these vulnerabilities could also have been used in zero-click attacks.
Via TechCrunch