WhatsApp, owned by Meta, has patched a vulnerability in its iOS and macOS versions that allowed attackers to install malware without user interaction. The attacks lasted for about three months and targeted journalists, charity workers, and representatives of non-profit non-governmental organizations (NGOs), PCMag reports.
The vulnerability, designated CVE-2025-55177, allowed attackers to force content from an "arbitrary URL" to be displayed on a victim's device. Since it was a zero-click exploit, the user did not need to click on the link or take any other action.
Experts say the attackers combined this bug with a previous vulnerability at the Apple OS level (CVE-2025-43300), which the company patched last month. WhatsApp advises users affected by the attack to perform a hard reset of their device, update their operating system and the application itself to the latest versions.
AmnestyTech representatives emphasize that the vulnerability can be exploited through other applications, not just WhatsApp. The attackers have not been officially named, but there have been recent allegations of governments using similar spyware to spy on journalists and NGO workers.
Recall that recently it became known about the vulnerability of the Gemini artificial intelligence, which allows the use of the summary of emails in Gmail for phishing.