Edward Kiledjian's Threat Intel

WhatsApp Bug Anchors Targeted Zero-Click iPhone Attacks www.darkreading.com/cyberatta…

Attackers are exploiting a WhatsApp security vulnerability affecting iOS on iPhone in a “sophisticated” zero-click attack against targeted Apple users. The campaign also uses a previously discovered and patched iOS flaw, CVE-2025-43300, known to be used in other attacks. The incidents, which have affected about 200 people so far, have spurred the US government to urge users across its federal workforce to update their devices immediately.

The new bug (CVE-2025-55177, CVSS 5.4) affects Meta’s WhatsApp chat application and could “allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device,” according to an advisory posted Tuesday by the Cybersecurity and Infrastructure Security Agency (CISA). The flaw, characterized in an advisory by WhatsApp as an “incomplete authorization of linked device synchronization messages” issue, affects WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.