Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

WhatsApp iOS and Mac zero-click authorization exploited in zero-day attacks security flaw (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 48
2 unique sources, 2 articles

Summary

Hide ▲

WhatsApp patched CVE-2025-55177, a zero-click authorization flaw in its iOS and Mac clients that was exploited in targeted zero-day attacks. The bug could let an unrelated user trigger processing of content from an arbitrary URL on a target device. Affected versions include WhatsApp for iOS prior to 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. WhatsApp tied the flaw to incomplete authorization of linked device synchronization messages and said it may have been used with CVE-2025-43300 on Apple platforms.

Cases

Targeted spyware chain across WhatsApp and Apple Image I/O (2)

Related Happenings

NoVoice Android malware hidden in Google Play apps

Malware Activity
First: 01.04.2026 21:07 Last: 01.04.2026 21:07 Sources 1

About this happening: **NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...

Open Happening

WhatsApp anti-scam protections now warn on fraudulent device-linking requests

Security Tool/Service
First: 26.03.2026 16:06 Last: 26.03.2026 16:06 Sources 1

About this happening: **WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...

Open Happening

Apple iOS outdated-device exploit-kit mitigation advisory

Advisory/Mitigation
First: 20.03.2026 07:16 Last: 20.03.2026 07:16 Sources 1

About this happening: **Apple** is sending **Lock Screen notifications** to **outdated iPhones and iPads** after detecting **active web-based attacks**, urging users to install updates. The latest noti...

Open Happening

SORVEPOTEL WhatsApp malware campaign spreads across Brazil

Campaign
First: 12.03.2026 19:31 Last: 12.03.2026 19:31 Sources 1

About this happening: A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...

Open Happening

Predator spyware targeting Teixeira Cândido's iPhone

Malware Activity
First: 18.02.2026 19:30 Last: 18.02.2026 19:30 Sources 1

About this happening: **Predator spyware** successfully targeted **Teixeira Cândido's iPhone** in **May 2024**, giving an attacker the ability to gain **unrestricted access** to the device. The infecti...

Open Happening

Timeline

  1. 29.08.2025 19:31 2 articles · 9mo ago

    WhatsApp patches CVE-2025-55177 in iOS and Mac clients

    Initial Disclosure

    WhatsApp patched CVE-2025-55177 in WhatsApp for iOS, WhatsApp Business for iOS, and WhatsApp for Mac after assessing that incomplete authorization of linked device synchronization messages could let an unrelated user trigger processing of content from an arbitrary URL on a target's device. The company said the zero-click flaw may have been exploited with CVE-2025-43300 on Apple platforms in targeted attacks against specific users, and it advised potentially impacted users to factory reset devices and keep their operating system and software up to date.

    Show sources
    Open in new tab