"WhatsApp fixed a serious vulnerability that was exploited in a series of attacks in which victims did not need to take any action. The vulnerability, known as CVE-2025-55177, was found in the synchronization process of linked devices and allowed attackers to remotely process content from any URL on a victim's device. Combined with a flaw in Apple's ImageIO framework, catalogued as CVE-2025-43300, this created an attack chain known as a zero-click exploit."
"Patches for the vulnerability are now available. WhatsApp users on iOS must install at least version 2.25.21.73, while WhatsApp Business on iOS and the macOS version require at least 2.25.21.78. These updates greatly reduce the risk of abuse. Nevertheless, it remains important for users to remain alert. This is because zero-click attacks often take place invisibly and can cause significant damage in a short period of time."
The vulnerability CVE-2025-55177 in WhatsApp's linked-devices synchronization allowed attackers to remotely process content from any URL on a victim's device. A flaw in Apple's ImageIO framework, CVE-2025-43300, combined with that weakness to form a zero-click exploit capable of compromising targets without user interaction. Fewer than 200 users received personal warnings. Patches require WhatsApp iOS version 2.25.21.73 and WhatsApp Business iOS/macOS version 2.25.21.78. Android exposure is possible. Affected users were advised to perform full factory resets and enable Lockdown Mode on iOS or Advanced Protection Mode on Android. Zero-click attacks bypass traditional defenses and pose high short-term risk.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]