Exploit chained two bugs (WhatsApp + Apple) for zero-click spyware attacks.
Less than 200 users targeted in a sophisticated, state-level style campaign.
Users urged to update iPhone, Mac, and WhatsApp for protection.
WhatsApp has rolled out a fix for a serious security flaw in its iOS and Mac apps that hackers were actively exploiting to spy on a small set of users. The Meta-owned messaging giant confirmed the patch on Friday, saying the bug, officially tracked as CVE-2025-55177 was being used along with another Apple vulnerability that the company fixed last week (CVE-2025-43300).
SurveyApple had already warned that its flaw was used in an “extremely sophisticated attack” targeting specific individuals. Now, it’s clear the two bugs were chained together in what’s known as a zero-click exploit, in which victims didn’t have to tap a link or open a file for their devices to be hacked.
According to a post by Amnesty International’s Security Lab shared via X (formerly Twitter), the campaign had been running since late May, hitting WhatsApp users with spyware capable of stealing data from iPhones and Macs. Donncha Ó Cearbhaill, who heads the lab, called it an “advanced spyware campaign” and shared that WhatsApp’s warning to victims explicitly said attackers could compromise their devices and data, including private chats.
Meta spokesperson Margarita Franklin told TechCrunch that the flaw was discovered and patched “a few weeks ago.” Less than 200 WhatsApp users received threat notifications, but Meta did not share details on who was behind the operation or whether a commercial spyware vendor was involved.
Security experts say chaining the two bugs together gave attackers a direct access to Apple devices via WhatsApp, granting them access to sensitive data without any interaction from the victim.
Also read: Oppo Find X8 Pro price drops by over Rs 14,000 on Amazon: How to grab this deal
Zero-click exploits are especially dangerous because they leave users with little to no defense, even the most careful users can be compromised. This is why such attacks are often linked to state-sponsored spyware campaigns.
For now, the best protection is making sure your iPhone, Mac, and WhatsApp app are updated to the latest versions.
Follow Us
Himani Jha
Himani Jha is a tech news writer at Digit. Passionate about smartphones and consumer technology, she has contributed to leading publications such as Times Network, Gadgets 360, and Hindustan Times Tech for the past five years. When not immersed in gadgets, she enjoys exploring the vibrant culinary scene, discovering new cafes and restaurants, and indulging in her love for fine literature and timeless music. View Full Profile
