WhatsApp Security Flaw Puts Samsung Galaxy and iPhone Users at Risk of Spyware
SAN FRANCISCO – A critical security vulnerability in WhatsApp could allow hackers to install spyware on both iPhones and Samsung Galaxy devices without any user interaction. Meta has confirmed the flaw, which impacts older versions of the messaging app. The vulnerability, discovered in early September, stems from a flaw in message synchronization and, when combined with another weakness in image file processing, could grant attackers control of affected devices.
This “zero-click exploit” means users don’t need to open malicious links or files – simply receiving a specially crafted message is enough for hackers to potentially compromise their devices and steal personal data. The flaw affects older versions of WhatsApp and WhatsApp Business, raising concerns for millions of users who haven’t updated their apps.
The vulnerabilities are tracked as CVE-2025-55177 (iOS) and CVE-2025-21043 (Android). Meta confirmed the vulnerability may have been actively exploited, and both Apple and Samsung have acknowledged the risk.
Affected Devices:
* iPhone/iPad/Mac: WhatsApp for iOS before version 2.25.21.73; WhatsApp Business for iOS before version 2.25.21.78; WhatsApp for Mac before version 2.25.21.78; iOS versions prior to 18.6.2; macOS versions prior to 15.6.1.
* Samsung Galaxy (and other Android devices): Devices running Android 13 or more recent software are potentially affected.
Both WhatsApp and Samsung have released updates to address the vulnerability. Users are strongly advised to update to the latest version of WhatsApp and their device’s operating system immediately.
According to technology portal Heise, the vulnerability can be compounded by another flaw (CVE-2025-43300) related to image file processing, further increasing the risk of malware installation.