WhatsApp announced the release of a critical security update to address a chain reaction attack affecting millions of Apple users, enabling zero-click data theft. This advanced method, which allows attackers to infiltrate devices without users having to click, has sparked concern in the tech world.
Install the WhatsApp update!
Cyber attackers combined two different vulnerabilities to achieve their goals. First, they exploited a vulnerability found in Apple’s iOS and macOS operating systems, CVE-2025-43300, patched last week. Then, they exploited a second vulnerability, CVE-2025-55177, discovered in WhatsApp, to carry out the attack.
The combination of these two vulnerabilities allowed the attacker to partially take control of an Apple device and steal all personal data, including messages, by sending specially crafted content (messages, calls, etc.) via WhatsApp.
What is Zero-Click and Why Is It So Dangerous?
What makes the attack particularly dangerous is its “zero-click” approach. This means the device is silently compromised in the background, without the victim even having to click on a suspicious link, download a file, or answer a call. These types of attacks are considered among the most difficult and sophisticated cyber threats to detect.
Apple stated that its vulnerability was used in “a highly sophisticated attack targeting specific target individuals.” WhatsApp’s statement confirms that these targeted attacks are being conducted through WhatsApp. The spyware company or group behind the attacks remains unknown.
The only way to ensure security is to update both Apple devices and the WhatsApp app to the latest version. Experts recommend that all iPhone and Mac users install the latest operating system update from their device settings and immediately update WhatsApp from the App Store.
