Critical WhatsApp Security Flaw Allows Remote Device Takeover
A severe security vulnerability in WhatsApp for iOS and macOS has been discovered, enabling attackers to remotely take control of devices without any user interaction. US authorities have classified this threat as critical.
The flaw, identified as CVE-2025-55177, resides in how WhatsApp synchronizes across linked devices. Exploitation allows cybercriminals to inject malicious web content onto targeted devices. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
How the Attack Works:
This “zero-click” attack leverages a combination of vulnerabilities. It begins with a malicious message triggering a flaw in Apple’s image framework (CVE-2025-43300), causing memory errors. Attackers then exploit the WhatsApp synchronization gap to gain full device control. While Apple addressed its vulnerability on August 20, 2025, the WhatsApp component remained exposed until recently. Details of the attack and affected victims remain undisclosed by both companies.
Urgent Action Required:
CISA issued a warning on September 2, 2025, requiring all US federal agencies to patch their systems by September 23, 2025. Security experts fear the vulnerability could be exploited by ransomware groups due to its remote code execution capabilities.
Affected Versions:
* WhatsApp for iOS: before version 2.25.21.73
* WhatsApp Business for iOS: before 2.25.21.78
* WhatsApp for Mac: before 2.25.21.78
Meta Faces Additional Scrutiny:
This discovery coincides with a whistleblower lawsuit filed by former WhatsApp security chief Attaullah Baig, alleging systemic security deficiencies within the company. Baig claims widespread access to user data by WhatsApp engineers and a failure to adequately address daily hacking attempts affecting over 100,000 accounts. Meta disputes these claims.
Protect Yourself Now:
Meta has released patched versions of WhatsApp and strongly urges all users to update immediately. If you suspect an attack, WhatsApp recommends a complete factory reset of your device.
Enable automatic updates to ensure you receive critical security patches as soon as they are available. With over three billion WhatsApp users worldwide, the stakes are incredibly high.
This vulnerability echoes past incidents like the Pegasus spyware, highlighting the ongoing demand for zero-day exploits in messaging apps by state actors and cybercriminals.