WhatsApp has recently addressed a security vulnerability affecting its messaging apps on Apple iOS and macOS platforms. The flaw, identified as CVE-2025-55177, could have been exploited by malicious actors to deliver spyware to users through seemingly harmless messages containing hidden links.
The vulnerability affected specific versions of WhatsApp for iOS and macOS. On iOS, the affected versions are those before v2.25.21.73 for WhatsApp and before v2.25.21.78 for WhatsApp Business. On macOS, the affected versions are those prior to v2.25.21.78. The issue was linked to improper handling of linked device synchronization messages, which could allow attackers to trigger the execution of harmful content through external URLs embedded within messages, according to Cybernews.
According to the company, the vulnerability might have been used in combination with another, Apple-specific flaw (CVE-2025-43300). That flaw, disclosed earlier this year, allowed attackers to execute arbitrary code when an image file was opened in WhatsApp. In a targeted attack scenario, the two vulnerabilities together could have enabled malicious code execution without the user’s knowledge.
While there are currently no confirmed reports of the vulnerabilities being actively exploited, the potential for misuse was significant, as a maliciously crafted message could trick users into unknowingly running harmful code when interacting with an attachment. The WhatsApp team assesses that these vulnerabilities, when used in conjunction, could have been exploited to target users. Earlier this year, WhatsApp patched a similar issue involving file spoofing, where attackers could disguise executable files as images or PDFs.
These vulnerabilities have now been patched in the latest updates for WhatsApp on both iOS and macOS, but the situation emphasizes the importance of keeping apps and operating systems up to date to avoid potential security threats. Users are encouraged to update to the latest versions of WhatsApp for iOS and macOS as soon as possible to ensure their devices are protected from such risks.
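For teams managing a device fleet, the version thresholds given above can be turned into an inventory check. The following is an added example, not code from WhatsApp or the article; the inventory row layout and device names are assumptions, and the sample rows are constructed.

```python
# First fixed versions for CVE-2025-55177, as stated in the article.
FIRST_FIXED = {
    ("ios", "whatsapp"): "2.25.21.73",
    ("ios", "whatsapp business"): "2.25.21.78",
    ("macos", "whatsapp"): "2.25.21.78",
}

def parse_version(text):
    """Turn 'v2.25.21.73' into (2, 25, 21, 73); raise ValueError if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, app, version):
    """Return 'affected', 'patched' or 'unknown' for one installed app."""
    fixed = FIRST_FIXED.get((platform.strip().lower(), app.strip().lower()))
    if fixed is None:
        return "unknown"  # platform/app pair not covered by the article
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # do not guess: flag for manual review
    target = parse_version(fixed)
    # Pad so '2.25.21' compares as 2.25.21.0. Comparing integer tuples
    # avoids the string-comparison trap where '2.25.21.100' < '2.25.21.78'.
    width = max(len(installed), len(target))
    installed += (0,) * (width - len(installed))
    target += (0,) * (width - len(target))
    return "affected" if installed < target else "patched"

def triage(inventory):
    """Return (device, status) for every row that is not confirmed patched."""
    results = [(dev, status(plat, app, ver)) for dev, plat, app, ver in inventory]
    return [(dev, st) for dev, st in results if st != "patched"]

# Constructed sample inventory: (device, platform, app, installed version).
SAMPLE_INVENTORY = [
    ("iphone-01", "iOS", "WhatsApp", "2.25.21.72"),
    ("iphone-02", "iOS", "WhatsApp", "2.25.21.73"),
    ("iphone-03", "iOS", "WhatsApp Business", "2.25.21.73"),
    ("mac-01", "macOS", "WhatsApp", "v2.25.21.100"),
    ("mac-02", "macOS", "WhatsApp", "2.25.9.99"),
    ("iphone-04", "iOS", "WhatsApp", "unknown-build"),
]

if __name__ == "__main__":
    for device, state in triage(SAMPLE_INVENTORY):
        print(f"{device}: {state}")
```

Rows reported as `unknown` have a version string or platform the check cannot classify and should be reviewed by hand rather than assumed safe.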