Campaign
Vulnerability
Targeted spyware chain across WhatsApp and Apple Image I/O
Updated 16.09.2025 15:16
Case score 56
Why this score?
Case score is a discovery signal based on public evidence, not a guaranteed risk rating. Use it to decide what to review first, then verify important details from the linked sources.
- Total
- 56
- Main story score
- 56
- Related evidence lift
- +0 / 20
- Contributing updates
- 0
- Context updates
- 1
Top contributors
- Campaign Defines the targeted spyware activity and the chained use of WhatsApp and Apple vulnerabilities. main
- Vulnerability Provides the WhatsApp zero-click flaw, affected versions, and victim-handling guidance that frame the chain. context
Case score 56
Members 2
Latest activity 16.09.2025 15:16
Active exploitation
Patch available
CVSS: 8.0 High
Members 2
First seen 29.08.2025 19:31
Last seen 16.09.2025 15:16
Updated 16.09.2025 15:16
Overview
Targeted spyware activity used a **WhatsApp** zero-click flaw and an **Apple** Image I/O vulnerability to reach specific users with a silent delivery path. WhatsApp tied **CVE-2025-55177** to **CVE-2025-43300** in targeted zero-day attacks, and Apple already had emergency fixes in place for the platform flaw.
WhatsApp sent threat notifications and told potentially impacted users to factory reset devices and keep software current. Available evidence confirms patching and warning activity, but not the exact operator identity or the full number of affected devices.
Attackers used a chained zero-click path in **WhatsApp** and Apple software to target specific individuals with spyware. The chain combined **CVE-2025-55177** in WhatsApp with **CVE-2025-43300** in Apple's Image I/O framework, giving the operation a silent delivery path against mobile devices. WhatsApp described the activity as targeted zero-day exploitation against specific users and said the combined attack may have been used in a sophisticated operation.
Apple patched **CVE-2025-43300** on August 20 and backported fixes to older iPhones and iPads, while WhatsApp patched **CVE-2025-55177** in its iOS and Mac clients. WhatsApp sent threat notifications to potentially impacted people and advised a device factory reset plus current operating-system and software updates. Available evidence does not confirm the exact operator or the number of affected users, and it does confirm only that the two vendors have already issued fixes and warnings.
Signals
6 derivedExploitation
Exploitation
Active exploitation
CVSS
8.0 High
CVEs/products
CVE
CVE
Remediation
Remediation
Patch available
Status
Campaign status
Active
Malware context
1 familiesMember happenings
2 related
Campaign
WhatsApp spyware campaign chaining CVE-2025-55177 and CVE-2025-43300
Objective
Espionage
Campaign
Active
Patch
Patch Available
Campaign
WhatsApp spyware campaign chaining CVE-2025-55177 and CVE-2025-43300
Objective
Espionage
Campaign
Active
Patch
Patch Available
Vulnerability
WhatsApp iOS and Mac zero-click authorization exploited in zero-day attacks security flaw (multiple vulnerabilities)
Exploitation
Active Exploitation
CVSS
8.0 High
Patch
Patch Available
Vulnerability
WhatsApp iOS and Mac zero-click authorization exploited in zero-day attacks security flaw (multiple vulnerabilities)
Exploitation
Active Exploitation
CVSS
8.0 High
Patch
Patch Available