CVE-2025-55177: Vulnerability in WhatsApp iOS & macOS Messaging Clients Exploited for Zero-Click Attacks

In late August, Apple rushed out an emergency update to patch CVE-2025-43300, a critical out-of-bounds write zero-day in iOS, iPadOS, and macOS. But the story doesn’t end there. Security researchers have now uncovered another serious issue: a WhatsApp zero-day vulnerability in its iOS and macOS clients. The flaw, which WhatsApp has since patched, was leveraged alongside Apple’s OS-level bug in a sophisticated exploit chain designed to deliver spyware in a highly targeted campaign.
The latest discovery highlights a sharply rising reliance on zero-day exploits by advanced threat actors. Attackers are increasingly chaining multiple vulnerabilities together to evade security controls and achieve device compromise on a wider scale. Over the past four years, the volume of zero-day exploitation has shown a steady climb, with only minor year-to-year fluctuations. In 2024, Google’s Threat Analysis Group documented 75 zero-day vulnerabilities actively abused in the wild, a clear signal that the problem is accelerating. Now in 2025, zero-days remain the leading method of initial compromise, accounting for roughly one-third of all intrusion attempts.
Sign up for the SOC Prime Platform to access the global marketplace of 600,000+ detection rules and queries made by detection engineers, updated daily, and enriched with threat intel to proactively defend against existing threats and those anticipated most. All the rules can be used across dozens of SIEM, EDR, and Data Lake platforms and are aligned with MITRE ATT&CK®. Additionally, each rule is enriched with CTI links, attack timelines, audit configurations, triage recommendations, and more extensive metadata.
Security engineers can reach the extensive collection of behavior-based Sigma rules filed under the “CVE” tag on the platform.
Security engineers can also leverage Uncoder AI, an IDE and co-pilot for detection engineering, which is now enhanced with a new AI Chat Bot mode and the MCP tools support. With Uncoder, defenders can instantly convert IOCs into custom hunting queries, craft detection code from raw threat reports, generate Attack Flow diagrams, enable ATT&CK tags prediction, leverage AI-driven query optimization, and translate detection content across multiple platforms.
CVE-2025-55177 Analysis
WhatsApp has rolled out security updates to address a newly disclosed flaw, tracked as CVE-2025-55177, that has been actively exploited in the wild for targeted attacks. The vulnerability stems from insufficient authorization checks in linked device synchronization messages. Exploitation of the bug enables a remote attacker to force a victim’s device to process malicious content from an arbitrary URL, without requiring the victim to take any action.
Security researchers warn that CVE-2025-55177 was not exploited in isolation. It was chained with an Apple OS-level vulnerability (CVE-2025-43300) in a sophisticated campaign designed to deploy spyware. WhatsApp confirmed that approximately 200 people were targeted over the past three months, representing a highly selective and advanced operation.
The vendor’s advisory notes that CVE-2025-55177 affects multiple versions of WhatsApp and WhatsApp Business, including WhatsApp for iOS before v2.25.21.73, WhatsApp Business for iOS before v2.25.21.78, and WhatsApp for Mac before v2.25.21.78.
In alerts sent to affected individuals, WhatsApp recommended urgent steps, including a full device factory reset, alongside updating both the WhatsApp app and the underlying operating system to the latest versions.
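To find devices that still run a build older than the fixed versions listed above, an app inventory can be compared against them numerically. The following is an added example, not code from WhatsApp or SOC Prime; the CSV layout, column names, function names and sample rows are assumptions made for illustration.

```python
import csv
import io

# First fixed version per product, taken from the advisory text above.
FIXED = {
    ("WhatsApp", "iOS"): "2.25.21.73",
    ("WhatsApp Business", "iOS"): "2.25.21.78",
    ("WhatsApp", "macOS"): "2.25.21.78",
}

def parse_version(text):
    """Turn 'v2.25.21.73' or '2.25.21.73' into a tuple of ints."""
    return tuple(int(p) for p in text.strip().lstrip("vV").split("."))

def is_vulnerable(app, platform, version):
    """True if below the fix, False if patched, None if not covered or unparsable."""
    fixed = FIXED.get((app, platform))
    if fixed is None:
        return None
    try:
        installed = parse_version(version)
    except ValueError:
        return None  # malformed version string: needs manual review
    fixed_t = parse_version(fixed)
    # Pad to equal length so '2.25.21' compares as 2.25.21.0.
    width = max(len(installed), len(fixed_t))
    installed += (0,) * (width - len(installed))
    fixed_t += (0,) * (width - len(fixed_t))
    # Integer tuples avoid the string-compare trap where '9' sorts above '21'.
    return installed < fixed_t

def audit(inventory_csv):
    """Return (device, app, version) for every row below the fixed version."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if is_vulnerable(row["app"], row["platform"], row["version"]):
            findings.append((row["device"], row["app"], row["version"]))
    return findings

# Constructed sample inventory (hypothetical export format, not real data).
SAMPLE = """device,app,platform,version
iphone-01,WhatsApp,iOS,2.25.21.72
iphone-02,WhatsApp,iOS,2.25.21.73
iphone-03,WhatsApp Business,iOS,2.25.21.73
mac-01,WhatsApp,macOS,2.25.9.80
mac-02,WhatsApp,macOS,2.25.21.78
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Rows for which `is_vulnerable` returns `None` (an unlisted product or a malformed version string) are not flagged by `audit` and should be reviewed separately.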
Security experts emphasized that this exploit chain operated as a “zero-click attack”, a class of exploit requiring no user interaction. Such attacks represent one of the most dangerous forms of exploitation, as they can compromise a device silently and persistently. By leveraging SOC Prime’s complete product suite backed by AI and top cybersecurity expertise, security teams are equipped with future-proof technologies for enterprise-ready protection that can significantly enhance the organization’s cybersecurity posture.