Meta has been forced to fix a ‘vulnerability’ which could lead to users being targeted by hackers.
WhatsApp’s parent company has shared a security advisory after discovering the issue on Friday.
It only impacts people who are using the app on their iPhone or WhatsApp for Mac, potentially causing problems for Apple users.
WhatsApp says it has now fixed the vulnerability, which it called ‘CVE-2025-55177’, which was used alongside a separate flaw found in iOS and Macs which Apple says it fixed last week.
Apple said the flaw, which it called ‘CVE-2025-43300’, was used in an ‘extremely sophisticated attack against specific targeted individuals’ – and the same can be said for the WhatsApp flaw.
The security advisory from WhatsApp explained: ‘Incomplete authorisation of linked device synchronisation messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.
‘We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.’
Donncha Ó Cearbhaill, who is in charge of the security lab at Amnesty International, called the attack an ‘advanced spyware campaign’ which had been targeting users since the end of May.
More worryingly he described the attack as a ‘zero-click exploit’, meaning users don’t have to interact with anything (such as by clicking a link) in order to compromise their device.
WhatsApp has had a busy few weeks, as it’s not long since the messaging app cracked down on more than 6.8million scam accounts.
Earlier this year the app stopped functioning on some phones – most around 10 years old – over security concerns.
And despite WhatsApp messages being described as end-to-end encrypted, it recently emerged Google’s AI Gemini can read your messages there – even if you turn its tracking off.
It’s not long since hackers gained access to a major Google database, leaving more than 2.5billion Gmail users at risk of having their details stolen.
While no passwords were taken, the scammers were able to steal a huge number of files containing company names and customer contact details.
And unfortunately it doesn’t take much for scammers to be able to personalise their attempts to you, as our tech correspondent Jen found out when a cybercrime expert posed as a hacker to track down her home address.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
MORE: Japanese mobile gaming in major decline as developers return to console games
MORE: Apple rumoured to release new flip iPhone with ‘radical’ design
MORE: People think my 40-minute voice notes are annoying – I don’t care
