Meta (WhatsApp)

Meta’s WhatsApp platform was exploited via a zero-click vulnerability (CVE-2025-55177) in its device synchronization process, combined with a flaw in Apple’s ImageIO framework (CVE-2025-43300). This allowed attackers to remotely execute malicious code on victims’ devices without any user interaction, such as clicking links or opening files. Amnesty International described the campaign as one of the most sophisticated spyware attacks in recent times, targeting fewer than 200 high-profile users. While patches were released (iOS: 2.25.21.73+, macOS/Business: 2.25.21.78+), the attack demonstrated the severe risk of zero-click exploits, which bypass traditional defenses like phishing filters.

The incident exposed the vulnerability of widely used communication tools to advanced, targeted spyware that enables silent data exfiltration or surveillance. WhatsApp warned affected users and advised factory resets alongside enabling security modes (Lockdown Mode for iOS, Advanced Protection for Android). Though no large-scale data breach was confirmed, the potential for unauthorized access to sensitive communications, including those of journalists, activists, or executives, posed significant reputational and operational risks. The attack underscored the necessity of rapid patching and layered security measures against evolving threats.

Source: https://www.techzine.eu/news/security/134288/sophisticated-attack-hits-whatsapp-users/

TPRM report: https://www.rankiteo.com/company/meta

"id": "met2711727110425",
"linkid": "meta",
"type": "Vulnerability",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '<200 (directly warned)',
                        'industry': 'social media/messaging',
                        'location': 'global',
                        'name': 'WhatsApp (Meta Platforms, Inc.)',
                        'size': 'large-scale (billions of users)',
                        'type': 'technology company'},
                       {'industry': 'consumer electronics/software',
                        'location': 'global',
                        'name': 'Apple Inc.',
                        'size': 'large-scale',
                        'type': 'technology company'}],
 'attack_vector': ['remote code execution (RCE)',
                   'malicious URL processing',
                   'device synchronization flaw',
                   'Apple ImageIO framework vulnerability'],
 'customer_advisories': ['update WhatsApp immediately',
                         'enable advanced security modes',
                         'factory reset if notified'],
 'data_breach': {'data_exfiltration': ['likely (spyware purpose)'],
                 'personally_identifiable_information': ['potential (if '
                                                         'spyware exfiltrated '
                                                         'PII)'],
                 'sensitivity_of_data': ['high (if spyware accessed private '
                                         'communications)'],
                 'type_of_data_compromised': ['potential spyware-collected '
                                              'data (e.g., messages, contacts, '
                                              'media)',
                                              'device metadata']},
 'description': 'WhatsApp fixed a serious zero-click vulnerability '
                '(CVE-2025-55177) in its linked device synchronization '
                'process, which, when combined with a flaw in Apple’s ImageIO '
                'framework (CVE-2025-43300), allowed attackers to remotely '
                'process malicious content from any URL on a victim’s device '
                'without user interaction. Described by Amnesty International '
                'as one of the most sophisticated spyware attacks in recent '
                'times, fewer than 200 users were personally warned by Meta. '
                'Patches are now available for iOS (WhatsApp 2.25.21.73+, '
                'WhatsApp Business 2.25.21.78+) and macOS, with '
                'recommendations for Android users to enable Lockdown Mode '
                '(iOS) or Advanced Protection Mode (Android) and perform '
                'factory resets if affected.',
 'impact': {'brand_reputation_impact': ['eroded trust in WhatsApp security',
                                        'highlighted risks of zero-click '
                                        'exploits'],
            'data_compromised': ['potential spyware installation',
                                 'unauthorized data access'],
            'identity_theft_risk': ['high (if spyware exfiltrated personal '
                                    'data)'],
            'operational_impact': ['risk of undetected spyware persistence',
                                   'compromised device integrity'],
            'systems_affected': ['iOS devices (WhatsApp < 2.25.21.73)',
                                 'iOS devices (WhatsApp Business < 2.25.21.78)',
                                 'macOS devices (WhatsApp < 2.25.21.78)',
                                 'potential Android devices']},
 'investigation_status': 'ongoing (initial focus on iOS/macOS; Android impact '
                         'under investigation)',
 'lessons_learned': ['Zero-click exploits bypass traditional defenses (e.g., '
                     'phishing awareness).',
                     'Rapid patch deployment is critical for widely used '
                     'platforms.',
                     'Targeted spyware campaigns are increasingly '
                     'sophisticated and stealthy.',
                     'Cross-platform vulnerabilities (e.g., WhatsApp + Apple) '
                     'amplify attack surfaces.',
                     'User education on advanced security modes (e.g., '
                     'Lockdown Mode) is essential.'],
 'motivation': ['espionage', 'targeted surveillance'],
 'post_incident_analysis': {'corrective_actions': ['Deployed patches for '
                                                   'iOS/macOS WhatsApp '
                                                   'versions.',
                                                   'Recommended security mode '
                                                   'activations and factory '
                                                   'resets.',
                                                   'Enhanced collaboration '
                                                   'with security researchers '
                                                   'for threat detection.'],
                            'root_causes': ['Flaw in WhatsApp’s linked device '
                                            'synchronization process '
                                            '(CVE-2025-55177).',
                                            'Vulnerability in Apple’s ImageIO '
                                            'framework (CVE-2025-43300).',
                                            'Lack of user interaction '
                                            'requirements (zero-click).']},
 'recommendations': ['Users should immediately update WhatsApp to patched '
                     'versions (iOS 2.25.21.73+/macOS 2.25.21.78+).',
                     'Enable Lockdown Mode (iOS) or Advanced Protection Mode '
                     '(Android) for high-risk individuals.',
                     'Perform factory resets if warned by WhatsApp.',
                     'Organizations should prioritize zero-click exploit '
                     'mitigation in threat models.',
                     'Collaborate with researchers (e.g., Amnesty '
                     'International) to detect advanced spyware campaigns.'],
 'references': [{'source': 'TechCrunch'},
                {'source': 'Amnesty International'},
                {'source': 'Meta (WhatsApp) Security Advisory'}],
 'response': {'communication_strategy': ['direct warnings to <200 users',
                                         'public advisory via TechCrunch',
                                         'general user alerts for updates'],
              'containment_measures': ['patch deployment (iOS/macOS updates)',
                                       'user warnings for factory resets'],
              'enhanced_monitoring': ['recommendations for users to enable '
                                      'advanced security modes'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['factory reset recommendations for '
                                    'affected users'],
              'remediation_measures': ['security mode activations (Lockdown '
                                       'Mode/Advanced Protection Mode)',
                                       'vulnerability patching'],
              'third_party_assistance': ['Amnesty International (research)',
                                         'Meta’s internal security team']},
 'stakeholder_advisories': ['Meta warned <200 users directly',
                            'public advisories issued for broader awareness'],
 'title': 'WhatsApp Zero-Click Exploit Vulnerability (CVE-2025-55177) and '
          'Apple ImageIO Flaw (CVE-2025-43300)',
 'type': ['zero-click exploit', 'spyware attack', 'vulnerability exploitation'],
 'vulnerability_exploited': ['CVE-2025-55177 (WhatsApp linked device '
                             'synchronization)',
                             'CVE-2025-43300 (Apple ImageIO framework)']}