Full Report
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. [...]
Analysis Summary
# Vulnerability: WhatsApp Linked Device Synchronization Processing Flaw Exploited in Zero-Day Attacks
## CVE Details
- CVE ID: CVE-2025-55177
- CVSS Score: Not specified
- CWE: Incomplete Authorization
## Affected Systems
- Products: WhatsApp for iOS, WhatsApp Business for iOS, WhatsApp for Mac
- Versions:
- WhatsApp for iOS prior to version 2.25.21.73
- WhatsApp Business for iOS prior to version 2.25.21.78
- WhatsApp for Mac prior to version 2.25.21.78
- Configurations: Affects linked device synchronization messages processing.
## Vulnerability Description
The vulnerability stems from incomplete authorization checks during linked device synchronization messages within WhatsApp. This flaw could allow an unrelated remote user to force the processing of content originating from an arbitrary URL on a targeted device. WhatsApp suggests this flaw, when combined with the Apple OS vulnerability CVE-2025-43300, may have been exploited in a sophisticated attack against targeted individuals.
## Exploitation
- Status: Exploited in the wild (Zero-day attacks confirmed, combined with CVE-2025-43300)
- Complexity: Not specified, but the combination required for successful exploitation (with the OS flaw) suggests sophisticated targeting.
- Attack Vector: Network (via manipulation of synchronization messages)
## Impact
- Confidentiality: High (Potential for malicious content processing via arbitrary URL)
- Integrity: High (Potential for malicious content processing via arbitrary URL)
- Availability: Undetermined
## Remediation
### Patches
- WhatsApp for iOS: Version 2.25.21.73 and later
- WhatsApp Business for iOS: Version 2.25.21.78 and later
- WhatsApp for Mac: Version 2.25.21.78 and later
### Workarounds
- Perform a device factory reset (as advised to potentially impacted users due to the accompanying OS exploitation).
- Keep device operating systems and software up to date (to address the linked OS vulnerability, CVE-2025-43300).
## Detection
- Indicators of Compromise: WhatsApp sent specific alerts to users warning they may have been targeted in an advanced spyware campaign over the last 90 days.
- Detection methods and tools: Monitoring for suspicious OS-level compromises related to the associated CVE-2025-43300 exploitation.
## References
- Vendor advisories: WhatsApp Security Advisory (referencing patches)
- Relevant links - defanged:
- hxxps://x.com/billmarczak/status/1961459546024800260
- hxxps://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/
- hxxps://x.com/DonnchaC/status/1961444710620303653