WhatsApp has fixed two major security flaws in its iOS and Mac applications after they were exploited in a sophisticated spyware attack that targeted Apple users. The vulnerabilities, tracked as CVE-2025-55177 and CVE-2025-43300, allowed attackers to compromise devices through a “zero-click” exploit, requiring no interaction from the victim.
The attack, active for the past 90 days, was described by Amnesty International’s Security Lab as an “advanced spyware campaign”. Around 90 people were targeted, including journalists and civil society members in Italy. Although the Italian government denied involvement, another spyware provider, Paragon, cut off Italy’s access to its tools due to the lack of investigation into misuse.
Meta, the parent company of WhatsApp, confirmed that it discovered and patched the flaws “a few weeks ago”. A spokesperson said fewer than 200 users were affected and that all impacted individuals had been notified. According to Apple, the attack was “extremely sophisticated” and aimed at “specific targeted individuals”, putting their devices and personal data at serious risk.
This incident follows earlier cases of spyware being used against WhatsApp users. In a landmark ruling, a US court ordered NSO Group, the maker of Pegasus spyware, to pay 167 million dollars to WhatsApp over a 2019 hacking campaign that affected more than 1,400 users. The lawsuit alleged breaches of federal and state hacking laws, as well as violations of WhatsApp’s terms of service.
In its latest advisory, WhatsApp warned affected users that the exploit could “compromise your device and the data it contains, including messages”. Security experts stress the importance of keeping apps updated to protect against such threats.
The company continues to strengthen its defences against government-grade spyware that often relies on zero-day flaws, vulnerabilities unknown to vendors until exploited. The recent patch and legal actions highlight WhatsApp’s efforts to safeguard user privacy while holding spyware developers accountable.