WhatsApp Just Patched a ‘Zero Click’ Bug Being Used to Hack Apple Users

On Friday, WhatsApp announced that it had patched a software vulnerability that was being used by unknown hackers to target specific users of Apple products and hack them with spyware.

WhatsApp, which is owned by Meta, said in an advisory that the previously unknown bug “may have been exploited in a sophisticated attack against specific targeted users.” The vulnerability is officially dubbed CVE-2025-55177.

TechCrunch notes that this week, WhatsApp fixed the bug while last week, Apple fixed another bug, known as CVE-2025-43300. Together, these vulnerabilities appear to have been the weak spots that allowed malicious spyware attacks targeting specific Apple users, intended to steal data from their devices, the outlet writes.

Apple describes its bug as such: “Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.” Gizmodo reached out to Apple and WhatsApp for more information.

WhatsApp told TechCrunch that it had notified “less than 200 users” that they may have been impacted by the campaign. Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, said that the notifications had been sent out over the past 90 days. “Our team at Amnesty International’s Security Lab is actively investigating cases with a number of individuals targeted in this campaign,” Cearbhaill said on X. “We are available to support members of civil society who have received the WhatsApp notifications.”

Zero-click attacks have become increasingly common and are frightening because, just as the name would suggest, they don’t require any active phishing to penetrate into the inner contents of a person’s mobile OS. Often, all a bad actor needs to do is send a malicious file (often an image), which can take over the phone by itself. Over the last several years, malware capable of zero-click attacks has been targeted at journalists, activists, and government officials—much of it originating from companies based in Israel.