The WhatsApp bug, alongside a separate OS-level flaw on Apple platforms, could have been used to carry out targeted attacks.
The company has reportedly found 200 potential victims of the flaw
Photo Credit: Unsplash/Mika Baumeister
WhatsApp has fixed a zero-click security vulnerability, which could have been used to carry out sophisticated attacks against targeted individuals, the company said. The flaw affected the Meta-owned messenger app's iOS and macOS versions, and could “trigger processing of content from an arbitrary URL on a target's device.” While the flaw itself was not particularly dangerous, a separate operating system-level vulnerability in Apple's platforms could enable direct hacking attempts against the devices. Notably, both security issues have been fixed.
In a security update, WhatsApp detailed a zero-click flaw that could have been exploited by hackers to carry out a sophisticated attack against targeted users. The vulnerability, designated CVE-2025-55177, enabled “incomplete authorisation of linked device synchronisation messages,” and could have allowed an unrelated user to trigger the processing of content from an arbitrary URL on a target's device.
To explain, normally, when a user links devices (via WhatsApp Web or WhatsApp for Mac), messages between devices are only processed if they come from a legitimate and authorised source. However, in this case, these checks were incomplete, and a malicious actor could trick WhatsApp into processing content from a URL, even if it did not originate from an authenticated device.
As per the company, the vulnerability impacted WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.
WhatsApp highlighted that, while the vulnerability itself would not have been deemed dangerous, the existence of an OS-level vulnerability on Apple platforms resulted in the possibility that hackers could break into targeted devices. Designated CVE-2025-43300, this vulnerability was fixed by the iPhone maker earlier this month. The company also urged users to update their devices immediately.
According to a TechCrunch report, Meta spokesperson Margarita Franklink said that the vulnerability was spotted and fixed a few weeks ago. Additionally, the company had sent fewer than 200 notifications to WhatsApp users who might have been affected by the security flaw.
WhatsApp for iOS and WhatsApp for macOS users should update their apps to the latest version, even if they did not receive any update from the company, to ensure their security.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.