WhatsApp has issued an urgent security update after discovering a sophisticated “zero click” spyware exploit that targeted Apple users, including civil society figures, without requiring them to click anything malicious.

What Happened

WhatsApp, owned by Meta, revealed that a critical vulnerability (CVE-2025-55177) was being exploited in tandem with a separate Apple operating system flaw (CVE-2025-43300) to deploy spyware onto iPhones and Macs via WhatsApp without any user action.

This attack, described by Apple as “extremely sophisticated,” appears to have targeted fewer than 200 users, likely including civil society members. Notification has already been sent to those affected.

Why It Matters

A “zero click” vulnerability is particularly dangerous because no user interaction is needed. Hackers can deliver malware silently, with no prompt or warning to alert the victim. Even if this attack was limited in scope, the technique itself shows how quickly such flaws can be exploited.

How to Protect Yourself

Meta has patched the flaw, but updating is essential.

  • Update WhatsApp immediately: install the patched versions, iOS v2.25.21.73 or later, and Mac v2.25.21.78 or later, to close the critical flaw.
  • Update your device’s operating system to the latest iOS or macOS release to address underlying Apple vulnerabilities.
  • Consider enhanced protection modes: enabling iOS Lockdown Mode or Android Advanced Protection Mode can further limit attack vectors.
  • If you received a WhatsApp alert as a potentially targeted user, follow the guidance provided, which may include a full device factory reset.

Why It Matters for Organisations

Although this latest attack has been aimed at a small number of individuals, the technique shows how easily trusted channels like WhatsApp can be exploited. Many businesses rely on these platforms for everyday communication. A compromised device can quickly become an entry point for wider cyberattacks, data loss, or fraud.

How AJC Can Help

At AJC, we help organisations close these gaps by combining cyber security and fraud prevention expertise. Our services include:

  • Cyber Security: Mobile and endpoint risk assessments, hardening communication platforms, and preparing for emerging threats such as zero click exploits.
  • Fraud Prevention and Incident Response: Building resilience against attacks that use compromised accounts or messaging apps to deceive staff, suppliers, or customers.

Attacks like this highlight how blurred the line has become between personal and business risk. With AJC, you can ensure your people and your organisation are equipped to withstand the next sophisticated attack.

Contact us on 020 7101 4861 or email us at info@ajollyconsulting.co.uk if you think we can help.

 

Image accreditation: Wikimedia Commons. Last accessed on 2nd September 2025.
