A newly uncovered spyware campaign exploited a previously unknown vulnerability in WhatsApp on Apple devices, raising fresh concerns about the security of widely used communication tools for activists, journalists, and private citizens alike.
The Unseen Threat in a Popular App
WhatsApp, with billions of users worldwide, has become more than just a messaging platform; it’s a critical communication link for many in sensitive roles. Late last year, its internal security team discovered a weakness in how the app handles linked device synchronization messages. This flaw, known as CVE-2025-55177, could allow malicious actors to trigger the processing of harmful content from external links hidden within seemingly normal messages.
Crucially, this issue affected specific versions of WhatsApp on Apple’s iOS and macOS platforms and was exploited in tandem with a separate, equally dangerous vulnerability in Apple’s operating systems. Apple’s image processing library, the ImageIO framework, contained an out-of-bounds write flaw (CVE-2025-43300) that made memory corruption possible when processing crafted image files. This systemic weakness, reported by Apple and added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, highlights the layered nature of this sophisticated cyberattack.
A Two-Front Attack Strategy
The spyware campaign’s strength came from exploiting both WhatsApp’s software and Apple’s underlying system vulnerabilities. Attackers sent malicious messages or images designed to silently trigger these weaknesses, compromising devices with no action required by the user beyond receiving the encrypted message.
WhatsApp patched its app swiftly, limiting exposure to the flaw from malicious messages. However, due to the intertwined nature of the hack, the Apple device’s operating system could remain compromised even if the WhatsApp app was updated. The company has reached out to users it believes were targeted, warning of the possible breach and advising urgent remedial steps.
The Human Cost of a Silent Invasion
While digital in nature, the implications of these attacks ripple through the fabric of society. Targets of such mercenary spyware include journalists, activists, and civil society members who rely on secure communication for safety and freedom of expression. The invasive spyware not only threatens personal privacy but also political and social movements facing repression.
WhatsApp’s warnings reflect the challenge faced by victims: the compromise may extend beyond the messaging app—infecting the entire device and subtly extracting sensitive information. The company advises affected users to perform a full factory reset to remove entrenched malware, a drastic but necessary step to regain control.
Battling an Evolving Cyber Landscape
This incident underlines the growing complexity of digital threats in an interconnected world. It exemplifies how device makers and platform providers must work in tandem to detect and close vulnerabilities that, in isolation, might seem minor but, when chained together, cause significant breaches.
Experts emphasize the urgency for users to keep their devices and applications updated with the latest security patches. Meanwhile, cybersecurity teams worldwide are ramping up efforts to detect such sophisticated threats, aiming to protect those who face the highest risks in an ever-evolving digital battleground.