WhatsApp has packed a security vulnerability in its iOS and McOS messaging clients which were exploited in targeted zero-day attacks.
The company says this Zero-click defect ,
WhatsApp said, “The incomplete authority of the device synchronized message linked to WhatsApp (..) may have allowed an unrelated user to trigger the processing of the material from an arbitrary URL on the target device,” said WhatsApp. Friday security advisor,
“We assess that it can be exploited in a refined attack against specific targeted users, in combination with an OS-level vulnerability on the Apple platforms (CVE-2025-43300).
When Apple released an emergency update to patch the CVE-2025-43300 zero-day defect earlier this month, it was also said that the defect was exploited in a “very sophisticated attack”.
While both companies have not yet published more information about the attacks, Doncha รณ Cearbhaill (Head of Security Lab at Amnesty International) Said That WhatsApp warned some users that they have been targeted in an advanced spyware campaign in the last 90 days.
Alerts read,
In the threatening information sent to potentially affected persons, WhatsApp recommends them to reset a device factory and keep their devices’ operating systems and software up to date.
In March, WhatsApp patches another zero-day defect-facing reports of security researchers at the Citizen Lab University in Toronto-which was exploited to install paragon graphite spyware.
A WhatsApp spokesperson told BlappingCopper at the time, “WhatsApp has disrupted a spyware campaign by Paragon, targeting many users including journalists and members of civil society. We have reached directly to those who believe that we were influenced.”
The passwords broke in 46% of the atmosphere, almost doubled by 25% last year.
Picus Blue Report 2025 Now get a wider look at more conclusions on prevention, detection and data exfIs.
