Home
Apps
Apps News
WhatsApp Fixes Zero Click Vulnerability that Affects iOS, macOS Versions of the App

WhatsApp Fixes Zero-Click Vulnerability that Affects iOS, macOS Versions of the App

The WhatsApp bug, alongside a separate OS-level flaw on Apple platforms, could have been used to carry out targeted attacks.

Written by Akash Dutta, Edited by Ketan Pratap | Updated: 1 September 2025 13:28 IST

WhatsApp Fixes Zero-Click Vulnerability that Affects iOS, macOS Versions of the App

Photo Credit: Unsplash/Mika Baumeister

The company has reportedly found 200 potential victims of the flaw

Highlights

The security flaw has been labelled CVE-2025-55177
WhatsApp has fixed the vulnerability
Apple had fixed the security flaw earlier this month

WhatsApp has fixed a zero-click security vulnerability, which could have been used to carry out sophisticated attacks against targeted individuals, the company said. The flaw affected the Meta-owned messenger app's iOS and macOS versions, and could “trigger processing of content from an arbitrary URL on a target's device.” While the flaw itself was not particularly dangerous, a separate operating system-level vulnerability in Apple's platforms could enable direct hacking attempts against the devices. Notably, both security issues have been fixed.

WhatsApp Says Hackers Could Have exploited the Security Flaw

In a security update, WhatsApp detailed a zero-click flaw that could have been exploited by hackers to carry out a sophisticated attack against targeted users. The vulnerability, designated CVE-2025-55177, enabled “incomplete authorisation of linked device synchronisation messages,” and could have allowed an unrelated user to trigger the processing of content from an arbitrary URL on a target's device.

To explain, normally, when a user links devices (via WhatsApp Web or WhatsApp for Mac), messages between devices are only processed if they come from a legitimate and authorised source. However, in this case, these checks were incomplete, and a malicious actor could trick WhatsApp into processing content from a URL, even if it did not originate from an authenticated device.

WhatsApp Is Working on Shorter Timers for Disappearing Messages

As per the company, the vulnerability impacted WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.

WhatsApp highlighted that, while the vulnerability itself would not have been deemed dangerous, the existence of an OS-level vulnerability on Apple platforms resulted in the possibility that hackers could break into targeted devices. Designated CVE-2025-43300, this vulnerability was fixed by the iPhone maker earlier this month. The company also urged users to update their devices immediately.

According to a TechCrunch report, Meta spokesperson Margarita Franklink said that the vulnerability was spotted and fixed a few weeks ago. Additionally, the company had sent fewer than 200 notifications to WhatsApp users who might have been affected by the security flaw.

WhatsApp for iOS and WhatsApp for macOS users should update their apps to the latest version, even if they did not receive any update from the company, to ensure their security.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: WhatsApp, iOS, macOS, Apple, Cybersecurity, Apps

Akash Dutta Email Akash Dutta

Akash Dutta is a Chief Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More