WhatsApp said on Friday that it set a security error in iOS and Mac applications used to hick secretly on the Apple devices of “specific targeted users”.
The post-ideal giant of the messaging application told her security advisory that she has determined the vulnerability, known Officially as CVE-2025-55177which was used in parallel with a distinct defect found in iOS and Macs, which Apple fixed last week and monitors as CVE-2025-43300.
Apple then said that the defect was used in a “highly sophisticated attack on specific targeted people”. Now we know that dozens of Whatsapp users had targeted with this pair of defects.
Donncha ó Cearbhaill, who is head of Amnesty International Security Laboratory, described the attack In a post on x As “advanced spyware campaign” targeting users in the last 90 days or by the end of May. Cearbhaill described the couple errors as an “zero -click” attack, which means that it does not require any interaction from the victim, such as the link click, to reconcile their device.
The two errors that are chained allow an intruder to deliver a malicious exploitation through WhatsApp that is able to steal data from the user’s Apple device.
Per ó Cearbhaill, who published a copy of the threat alert that whatsapp sent to affected users, the attack was able to “endanger your device and the data it contains, including messages”.
It is not immediately clear who, or which seller spyware, is behind the attacks.
When reached by TechCrunch, Meta Margarita Franklin spokesman confirmed that the company was identified and put the defect “a few weeks ago” and that the company had sent “less than 200” notifications to influenced Whatsapp users.
The spokesman did not say, when asked, if whatsApp has evidence to attribute the halls to a particular invader or surveillance supplier.
This is not the first time that WhatsApp users have targeted the government spyware, a kind of malicious software that can break into fully repaired devices with vulnerable spots that are not known to the seller, known as zero -day defects.
In May, a US court ordered the Spyware NSO manufacturer to pay Whatsapp $ 167 million losses for a 2019 hacking campaign that broke on the devices of more than 1,400 Whatsapp users with the NSO’s Pegasus Spyware. WhatsApp has brought the legal case against the NSO, citing a violation of federal and state laws on piracy, as well as its own terms of service.
Earlier this year, WhatsApp has interrupted a spyware campaign aimed at about 90 users, including journalists and members of civil society across Italy. The Italian government refused to participate in the espionage campaign. Paragon, whose spyware was used in the campaign, later cut Italy from hacking tools to avoid exploring abuse.
Did you get a notice that your device was at risk? Contact this journalist safely through the name Zackwhittaker.1337 in the signal.
