The security of our mobile phones and computers depends, to a large extent, on the timely application of patches published by manufacturers, because any uncorrected gap can become the perfect gateway for an attacker.
In this context, Meta (owner of WhatsApp) has closed a critical bug that affected iPhone, iPad and Mac and which investigators have linked to a targeted spying campaign. The company and Apple have already distributed corrections for the two links in the chain involved, classified as CVE-2025-55177 (WhatsApp) and CVE-2025-43300 (Manzana).
What happened
The WhatsApp security team identified a weakness in the handling of paired device synchronization messages, registered as CVE-2025-55177. Combined with a system vulnerability in Apple (CVE-2025-43300), it enabled a type of attack zero click against a limited number of users in the last 90 days.
Apple, for its part, corrected a problem in the system image library (ImageIO) which allowed a specially manipulated file to cause memory corruption. As Donncha Ó Cearbhaill of Amnesty International's Security Lab warned, the error in the central image library implied that other apps could also be input vectors.
Meta explained that the exploitation was sophisticated and targeted, targeting high-value targets, and notified potential victims individually. The company emphasizes that the vulnerability in its app is already patched.
How the attack chain worked
The first link exploded a incomplete authorization in checking the synchronization of messages between linked WhatsApp devices. Under certain conditions, the attacker could force the processing content from an arbitrary URL on the victim's device.
The second link resided in the component ImageIO Apple (CVE-2025-43300). Upon receiving a manipulated image, the system could execute code without user interaction, making an attack feasible. zero click: : the device only needed to receive the file to be compromised.
By chaining both flaws, malicious actors could deploy spyware through WhatsApp on iOS, iPadOS, or macOS, gaining access to data and chats without the user clicking on links or opening files. The combination allowed take control from the terminal silently.
Authorities and cybersecurity organizations have paid attention to the case: CISA included the CVE-2025-43300 in its catalogue of exploited vulnerabilities, emphasizing the need for apply updates urgently.
Affected versions and patch status
According to Meta, WhatsApp installations that haven't reached the latest stable versions are considered at risk. Specifically, this affected releases prior to the following:
- WhatsApp for iOS: before v2.25.21.73
- WhatsApp Business for iOS: before v2.25.21.78
- WhatsApp for Mac: before v2.25.21.78
The signs point to the campaign being active. at least three monthsAlthough the WhatsApp and Apple bugs have already been fixed, those who remain on older versions are still at risk, so it is essential update app and system as soon as possible.
Meta is sending notices to potential affected parties and, in cases of compromise, recommends a factory reset from the device. This measure seeks to eliminate any persistence of malware at the system level before reconfiguring and update completely the team.
Safety recommendations
To minimize the risk, make sure your iPhone, iPad, or Mac is running the last version iOS, iPadOS, or macOS and that WhatsApp is fully updated from the App Store. Also check that the app version matches the corrected revisions.
In addition, it is advisable to carry out a periodic reset of the device (helps to cut certain payloads in memory), review the paired devices to your account and log out sessions you don't recognize. If you've received official notification from Meta, consider the factory reset and then carefully restore your backups.
- Update all: operating system and WhatsApp to their latest available versions.
- Restart the computer often to mitigate volatile memory exploits.
- Controls linked devices on WhatsApp and remove suspicious access.
- Activate XNUMX-Step Verification to add an additional barrier to your account.
- factory reset if you have been warned of a possible compromise and set up from scratch.
This incident highlights once again that even widely used platforms can suffer high-level exploits. With patches now available for CVE-2025-55177 y CVE-2025-43300The best defense is to update promptly, monitor linked devices, and implement security practices that prevent a zero-click attack from catching us off guard again.
