Topics

WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware

Most Popular

TransUnion says hackers stole 4.4 million customers’ personal information

Get ready, EV owners: Here come the dongles

Anthropic launches a Claude AI agent that lives in Chrome

Google Translate takes on Duolingo with new language learning tools

Google Gemini’s AI

Robomart unveils new delivery robot with $3 flat fee to challenge DoorDash, Uber Eats

Coinbase CEO explains why he fired engineers who didn’t try AI immediately

Latest

Amazon

Apps

Biotech & Health

Climate

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

Events

Startup Battlefield

StrictlyVC

Newsletters

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware Zack Whittaker AM PDT · August 29, 2025 WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.”

The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate flaw found in iOS and Macs, which Apple fixed last week and tracks as CVE-2025-43300.

Apple said at the time that the flaw was used in an “extremely sophisticated attack against specific targeted individuals.” Now we know that dozens of WhatsApp users were targeted with this pair of flaws.

Donncha Ó Cearbhaill, who heads Amnesty International’s Security Lab, described the attack in a post on X as an “advanced spyware campaign” that targeted users over the past 90 days, or since the end of May. Ó Cearbhaill described the pair of bugs as a “zero-click” attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.

The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that’s capable of stealing data from the user’s Apple device.

Per Ó Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to “compromise your device and the data it contains, including messages.”

It’s not immediately clear who, or which spyware vendor, is behind the attacks.

When reached

The spokesperson did not say, when asked, if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor.

This is not the first time that WhatsApp users have been targeted

In May, a U.S. court ordered spyware maker NSO Group to pay WhatsApp $167 million in damages for a 2019 hacking campaign that broke into the devices of more than 1,400 WhatsApp users with an exploit capable of planting NSO’s Pegasus spyware. WhatsApp brought the legal case against NSO, citing a breach of federal and state hacking laws, as well as its own terms of service.

Earlier this year, WhatsApp disrupted a spyware campaign that targeted around 90 users, including

Did you receive a notification that your device was compromised? Get in touch with this

Topics

Zack Whittaker Security Editor

Zack Whittaker is the security editor at TechCrunch. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him

October 27-29, 2025 San Francisco Put your brand in front of 10,000+ tech and VC leaders across all three days of Disrupt 2025. Amplify your reach, spark real connections, and lead the innovation charge. Secure your exhibit space before your competitor does.

Most Popular TransUnion says hackers stole 4.4 million customers’ personal information Zack Whittaker

Get ready, EV owners: Here come the dongles Tim De Chant

Anthropic launches a Claude AI agent that lives in Chrome Maxwell Zeff

Google Translate takes on Duolingo with new language learning tools Aisha Malik

Google Gemini’s AI Maxwell Zeff

Robomart unveils new delivery robot with $3 flat fee to challenge DoorDash, Uber Eats Rebecca Szkutak

Coinbase CEO explains why he fired engineers who didn’t try AI immediately Julie Bort

X LinkedIn Facebook Instagram youTube Mastodon Threads Bluesky TechCrunchStaffContact UsAdvertiseCrunchboard JobsSite Map Terms of ServicePrivacy PolicyRSS Terms of UseCode of Conduct IntelDOGELibbySpotifyApple EventTech LayoffsChatGPT © 2025 TechCrunch Media LLC.