WhatsApp has rolled out an urgent update for its iOS and macOS apps after detecting a zero‑click exploit—one that required no user interaction—to deliver spyware to a small number of targeted users. The vulnerability allowed attackers to bypass authorisation checks when processing linked-device synchronization messages—specifically in WhatsApp for iOS before version 2.25.21.73, WhatsApp Business for iOS before version 2.25.21.78, and WhatsApp for Mac before version 2.25.21.78.
This flaw was chained with a separate operating‑system level bug in Apple’s ImageIO framework, which exposed devices to memory corruption when processing crafted images. Apple patched that vulnerability in iOS and macOS update 18.6.2 earlier this month.
Amnesty International’s Security Lab head, Donncha Ó Cearbhaill, characterised the incident as an advanced spyware campaign targeting specific individuals over a 90‑day period since late May. WhatsApp reportedly issued alerts to fewer than 200 users believed to be at risk. Meta confirmed detection and remediation of the WhatsApp vulnerability “a few weeks ago” but declined to attribute the attacks to any particular spyware vendor or government agency.
Affected users were advised to perform a full factory reset and ensure both the operating system and WhatsApp client are fully updated to guard against persistent compromise.
This campaign echoes previous high‑profile spyware operations; in 2019, NSO Group exploited a WhatsApp zero‑day to deploy Pegasus spyware to more than 1,400 users, resulting in a US$167 million legal ruling in favour of WhatsApp. Earlier this year, a Paragon spyware campaign was also disrupted by WhatsApp, targeting civil society actors in Italy.
Experts warn that zero‑day, zero‑click exploits are among the most insidious threats, especially for high‑risk individuals such as journalists, human‑rights defenders, and activists, since they leave no visible trace of user action and can bypass conventional safeguards. Amnesty’s investigations continue into how many were affected and what data may have been compromised.
Users are urged to maintain vigilance, enable safeguards like Apple’s Lockdown Mode or Android’s advanced protection where available, and keep software updated on all fronts to narrow the window of vulnerability.
Notice an issue?
Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don’t hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.