WhatsApp Addresses Critical Zero-Click Exploit Targeting Apple Users
Published: September 3, 2025
WhatsApp has released a security update to address a recently discovered zero-click exploit that targeted Apple iOS and macOS devices. The vulnerability, reportedly used to deliver spyware, allowed attackers to gain access to a device without any interaction from the user – meaning simply receiving a WhatsApp message, even without opening it, could have compromised a device. This incident underscores the growing sophistication of cyberattacks and the importance of promptly updating software.
Understanding the Zero-Click Exploit
A zero-click exploit is particularly dangerous because it requires no action on the part of the user to initiate the attack. Traditional exploits often rely on tricking users into clicking malicious links or opening infected attachments. This new vulnerability bypassed those defenses, leveraging a flaw in WhatsApp’s processing of specific message types to install malicious software. According to a report by The Hacker News, the exploit targeted both iOS and macOS devices [https://thehackernews.com/2025/09/whatsapp-patches-zero-click-exploit.html].
The vulnerability was discovered and reported to WhatsApp by Citizen Lab, a research group at the University of Toronto focused on internet security and human rights [https://citizenlab.ca/]. Citizen Lab identified the exploit being used in targeted attacks against individuals in multiple countries.
How the Exploit Worked & Who Was Targeted
The exploit reportedly leveraged a buffer overflow vulnerability within WhatsApp’s video call processing functionality. Attackers crafted a malicious MP4 video file and sent it to the target via WhatsApp. Even if the user didn’t initiate a video call or even open the chat window, the vulnerability allowed the attacker to execute code on the device.
While the exact scope of the attacks remains under investigation, Citizen Lab’s research indicates that the exploit was used to deploy Pegasus spyware, developed by the Israeli cyberarms firm NSO Group. Pegasus is known for its ability to extract messages, photos, emails, and other sensitive data from compromised devices. The Mirror reported that the attacks were highly targeted, focusing on journalists, human rights activists, and political dissidents [https://www.mirror.co.uk/tech/urgent-whatsapp-warning-issued-all-30839211].
What Apple and WhatsApp Have Done
WhatsApp has released version 2.25.10.74 for iOS and 2.25.13 for macOS to address the vulnerability. Users are strongly advised to update to the latest version of WhatsApp promptly. The update patches the flaw that allowed the zero-click exploit to function. Apple has also acknowledged the vulnerability and is expected to incorporate additional security measures in future iOS and macOS updates. TechCrunch confirms that WhatsApp worked closely with Apple to address the issue [https://techcrunch.com/2025/09/03/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/].
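A fleet check against the fixed versions named above, as an added example that is not from WhatsApp, Apple or the original article. It assumes an inventory export as CSV text with hypothetical columns `device`, `platform` and `whatsapp_version`, and compares versions numerically because a plain string comparison would rank 2.25.9 above 2.25.10.

```python
import csv
import io

# Fixed versions as stated in the article above.
PATCHED = {"ios": (2, 25, 10, 74), "macos": (2, 25, 13)}

def parse_version(text):
    """Turn '2.25.10.74' into (2, 25, 10, 74); None if any part is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def _pad(version, width):
    """Right-pad with zeros so 2.25.13 and 2.25.13.0 compare as equal."""
    return version + (0,) * (width - len(version))

def is_patched(platform, version_text):
    """True/False for a known platform, None when the row cannot be judged."""
    fixed = PATCHED.get(platform.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return None
    width = max(len(fixed), len(found))
    return _pad(found, width) >= _pad(fixed, width)

def audit(inventory_csv):
    """Return device names grouped as 'outdated' or 'unknown' from CSV text."""
    result = {"outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = is_patched(row["platform"], row["whatsapp_version"])
        if verdict is None:
            result["unknown"].append(row["device"])   # needs manual follow-up
        elif not verdict:
            result["outdated"].append(row["device"])  # below the fixed version
    return result

# Constructed sample inventory (hypothetical device names and column layout).
SAMPLE = """device,platform,whatsapp_version
iphone-001,iOS,2.25.10.74
iphone-002,iOS,2.25.9.80
mac-001,macOS,2.25.13
mac-002,macOS,2.25.12.5
ipad-003,iOS,unknown
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Devices reported as `unknown` are not cleared: an unparseable or missing version means the row has to be checked by hand.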
Protecting Yourself: What Users Should Do
* Update WhatsApp: The most critical step is to update WhatsApp to the latest version available in the App Store (iOS) or on the WhatsApp website (macOS).
* Keep Your Operating System Updated: Ensure your iPhone, iPad, or Mac is running the latest version of iOS or macOS. These updates often include critical security patches.
* Be Cautious of Suspicious Messages: While this exploit didn’t require user interaction, it’s always wise to be cautious about opening messages or attachments from unknown senders.
* Enable Two-Step Verification: Enable two-step verification in WhatsApp settings for an added layer of security. This requires a six-digit PIN when registering your phone number with WhatsApp.
* Review App Permissions: Regularly review the permissions granted to apps on your device.
This incident serves as a stark reminder of the constant threat landscape and the importance of proactive security measures. By staying informed and promptly applying security updates, users can significantly reduce their risk of becoming victims of sophisticated cyberattacks. Information Security Buzz provides further details on the initial disclosure of the vulnerability [https://www.informationsecuritybuzz.com/whatsapp-reveals-zero-day-exploited-in-targeted-apple-attacks/].