WhatsApp Simply Patched a ‘Zero Click on’ Bug Being Used to Hack Apple Customers

On Friday, WhatsApp introduced that it had patched a software program vulnerability that was being utilized by unknown hackers to focus on particular customers of Apple merchandise and hack them with adware.

WhatsApp, which is owned by Meta, stated in an advisory that the beforehand unknown bug “might have been exploited in a classy assault towards particular focused customers.” The vulnerability is formally dubbed CVE-2025-55177.

TechCrunch notes that this week, WhatsApp mounted the bug whereas final week, Apple mounted one other bug, often known as CVE-2025-43300. Collectively, these vulnerabilities seem to have been the weak spots that allowed malicious adware assaults concentrating on particular Apple customers, supposed to steal knowledge from their gadgets, the outlet writes.

Apple describes its bug as such: “Processing a malicious picture file might end in reminiscence corruption. Apple is conscious of a report that this problem might have been exploited in an especially refined assault towards particular focused people.” Gizmodo reached out to Apple and WhatsApp for extra info.

WhatsApp instructed TechCrunch that it had notified “lower than 200 customers” that they might have been impacted by the marketing campaign. Donncha Ó Cearbhaill, head of Amnesty Worldwide’s Safety Lab, said that the notifications had been despatched out over the previous 90 days. “Our crew at Amnesty Worldwide’s Safety Lab is actively investigating instances with quite a few people focused on this marketing campaign,” Cearbhaill stated on X. “We can be found to assist members of civil society who’ve obtained the WhatsApp notifications.”

Zero-click assaults have grow to be more and more frequent and are scary as a result of, simply because the title would counsel, they don’t require any energetic phishing to penetrate into the inside contents of an individual’s cell OS. Typically, all a nasty actor must do is ship a malicious file (typically a picture), which might take over the cellphone by itself. Over the past a number of years, malware able to zero-click assaults has been focused at journalists, activists, and authorities officers—a lot of it originating from companies based in Israel.