In a fresh reminder of the constant threat facing widely used communication platforms, WhatsApp has disclosed and patched a vulnerability affecting its iOS and macOS applications. The vulnerability has already been exploited in real-world attacks, according to WhatsApp, which warns that it may have been exploited in the past.
The flaw is tracked as CVE-2025-55177 and has a CVSS score of 5.4. It is caused by insufficient authorization when handling linked device synchronization messages.
WhatsApp has warned that, as a result of the vulnerability, a malicious actor could compromise users' security by causing the target device to process content from arbitrary URLs.
In a statement, the Meta-owned company credited its in-house security team with discovering and analyzing this bug, which is thought to have been exploited in combination with a recently revealed Apple zero-day vulnerability as part of targeted attacks on the company.
Donncha Ó Cearbhaill of Amnesty International’s Security Lab attributed the incident to an “advanced spyware campaign,” noting that it had been active for approximately 90 days and used zero-click delivery techniques.
Through this technique, attackers were able to spread malicious exploits through WhatsApp without requiring any interaction from the victim, allowing
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents