A glitch in WhatsApp left iPhone users vulnerable to a sophisticated 'zero-click' cyber attack capable of stealing personal data. WhatsApp issued in-app alerts to some users indicating they might have been targeted over the past 90 days. The flaw, tracked as CVE-2025-55177, was discovered by WhatsApp's internal security team and could allow an unrelated user to trigger processing of content from an arbitrary URL on a target device. WhatsApp says the vulnerability targets iOS and macOS, while a security researcher believes it may affect both iPhone and Android users. Reported targets include civil society individuals. WhatsApp released a fix; users must update devices to apply it.
A glitch in the Meta-owned chat app has left iPhone users vulnerable to a 'sophisticated' cyber attack that could steal your personal data. Some WhatsApp users have been getting an alert telling them they might be a victim of the 'zero-click' hack, which has been ongoing for three months. But it is unclear how many people are affected and who the perpetrators of the attack are.
'We assess that this vulnerability... may have been exploited in a sophisticated attack against specific targeted users,' WhatsApp says. '[It] could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device.' According to WhatsApp, the vulnerability is targeting iOS and macOS, but Mr Ó Cearbhaill thinks it is 'impacting both iPhone and Android users'.
Collection
[
|
...
]