iPhone users urged to update WhatsApp after silent cyberattack surfaces

Memet Deniz Yucekaya

5 days önce

A stealthy cyberattack has exposed a major WhatsApp vulnerability, and iPhone users are at risk whether they clicked anything or not.

iPhone users targeted by zero-click WhatsApp exploit

WhatsApp has issued a critical warning after discovering a months-long cyberattack targeting a select group of iPhone users. The breach, revealed on September 1, involves a flaw labeled CVE-2025-55177, which lets attackers process content from arbitrary URLs without requiring any user interaction.

In short, the malware can infect a device through a message alone. No tap, no click, just received.

Samsung and SK Hynix lose US waiver on chip gear for China

Samsung and SK Hynix lost US waivers to use American chipmaking gear in China, raising risks for their semiconductor production.

Exploit tied to Apple system flaw and WhatsApp vulnerability

This attack isn’t just WhatsApp’s problem. Security teams believe it also hinges on a related Apple platform vulnerability (CVE-2025-43300). Combined, the two flaws open the door for attackers to access messages, files, and other personal data.

One of the in-app warnings sent to affected users reads:

“A malicious message may have been sent to you through WhatsApp and combined with other vulnerabilities in your device’s operating system to compromise your device and the data it contains.”

The message also notes that the evidence isn’t conclusive but urges caution anyway.

WhatsApp outlines steps iPhone users should take now

To secure your device and data, WhatsApp and security experts recommend the following:

Update to WhatsApp v2.25.21.73 on iOS
Update to WhatsApp v2.25.21.78 on Mac (if applicable)
Make sure your iPhone’s iOS is fully updated
Perform a full factory reset to eliminate any trace of infection
Enable iOS Lockdown Mode for ongoing protection

Security firm Bitdefender emphasized that this is a zero-click attack, meaning you could be infected even if you didn’t engage with the message.

Amnesty researcher highlights scale of threat

Donncha Ó Cearbhaill of Amnesty International confirmed the seriousness of the bug in a series of posts, calling it “extremely sophisticated.” Because it exploits system-level weaknesses and requires no interaction, it’s far more dangerous than typical phishing attempts.

More threats loom for iPhone users and beyond

The incident adds to a growing list of cybercrime reports. The FBI recently warned that hacking group Scattered Spider has shifted its focus to the airline industry, using impersonation and social engineering to breach secure systems.

The stakes are only rising, and iPhone users may now be the first line of defense in a new era of zero-click threats.