WhatsApp Fixes Zero-Click Spyware Flaw in iPhone and Mac Apps

WhatsApp has fixed a serious ‘zero-click’ vulnerability in its iPhone and Mac apps that hackers were using to target specific users with spyware.

The flaw, tracked as CVE-2025-43300, was patched alongside a related Apple bug, CVE-2025-55177, which could have exposed user data.

Together, the two vulnerabilities may have allowed attackers to target Apple users and steal data from their devices.

The issue affected WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS prior to v2.25.21.78, and WhatsApp for Mac prior to v2.25.21.78.

Donncha O Cearbhaill, head of Amnesty’s Security Lab, said in a post on X that initial findings suggested the hacking was affecting both iPhone and Android users, including members of civil society.

Meta spokesperson Margarita Franklin told TechCrunch that the company had detected and patched the vulnerability a few weeks ago, adding that fewer than 200 WhatsApp users received notifications about being affected.

Notably, zero-click vulnerabilities are security flaws that attackers can exploit without any action from the victim, no clicking on links, opening files, or granting access is required.