Critical WhatsApp Security Flaw Allows Remote Device Takeover
A severe security vulnerability in WhatsApp for iOS and macOS has been discovered, enabling attackers to remotely take control of devices without any user interaction. US authorities have classified this threat as critical.
The flaw, identified as CVE-2025-55177, resides in how WhatsApp synchronizes across linked devices. Exploitation allows cybercriminals to inject malicious web content onto targeted devices. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog.
How the Attack Works:
This “zero-click” attack leverages a combination of vulnerabilities. It begins with a malicious message triggering a flaw in Apple’s image framework (CVE-2025-43300), causing memory errors. Attackers then exploit the WhatsApp synchronization gap to gain full device control. While Apple addressed its vulnerability on August 20, 2025, the WhatsApp component remained exposed until recently. Details of the attack and affected victims remain undisclosed by both companies.
Urgent Action Required:
CISA issued a warning on September 2, 2025, requiring all US federal agencies to patch their systems by September 23, 2025. Security experts fear the vulnerability could be exploited by ransomware groups due to its remote code execution capabilities.
Affected Versions:
* WhatsApp for iOS: before version 2.25.21.73
* WhatsApp Business for iOS: before 2.25.21.78
* WhatsApp for Mac: before 2.25.21.78
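The thresholds in the list above can be checked against a device inventory. The following is an added example, not code from WhatsApp, Meta or CISA; the inventory rows, device names and function names are constructed for illustration, and only the version numbers come from this article.

```python
# First fixed builds, taken from the "Affected Versions" list in this article.
FIXED = {
    "WhatsApp for iOS": "2.25.21.73",
    "WhatsApp Business for iOS": "2.25.21.78",
    "WhatsApp for Mac": "2.25.21.78",
}

def parse_version(text):
    """Turn '2.25.21.73' into (2, 25, 21, 73) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, installed):
    """True when the installed build is older than the first fixed build."""
    fixed = parse_version(FIXED[product])      # KeyError for unlisted products
    have = parse_version(installed)
    # Pad the shorter tuple with zeros so '2.25.22' compares as '2.25.22.0'.
    width = max(len(fixed), len(have))
    return have + (0,) * (width - len(have)) < fixed + (0,) * (width - len(fixed))

def triage(inventory):
    """Split (device, product, version) rows into needs-update and unknown lists."""
    needs_update, unknown = [], []
    for device, product, version in inventory:
        try:
            if is_affected(product, version):
                needs_update.append(device)
        except (KeyError, ValueError):
            # Unlisted product or unreadable version: review by hand, do not assume safe.
            unknown.append(device)
    return needs_update, unknown

# Constructed sample inventory (hypothetical device names and installed versions).
SAMPLE_INVENTORY = [
    ("phone-01", "WhatsApp for iOS", "2.25.21.8"),   # 8 < 73; a string compare gets this wrong
    ("phone-02", "WhatsApp for iOS", "2.25.21.73"),
    ("phone-03", "WhatsApp Business for iOS", "2.25.21.73"),
    ("mac-01", "WhatsApp for Mac", "2.25.22"),
    ("mac-02", "WhatsApp for Mac", "unknown"),
]

if __name__ == "__main__":
    stale, unknown = triage(SAMPLE_INVENTORY)
    print("update required:", stale)
    print("version unreadable, check manually:", unknown)
```
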
Meta Faces Additional Scrutiny:
This discovery coincides with a whistleblower lawsuit filed by former WhatsApp security chief Attaullah Baig, alleging systemic security deficiencies within the company. Baig claims widespread access to user data by WhatsApp engineers and a failure to adequately address daily hacking attempts affecting over 100,000 accounts. Meta disputes these claims.
Protect Yourself Now:
Meta has released patched versions of WhatsApp and strongly urges all users to update immediately. If you suspect an attack, WhatsApp recommends a complete factory reset of your device.
Enable automatic updates to ensure you receive critical security patches as soon as they are available. With over three billion WhatsApp users worldwide, the stakes are incredibly high.
This vulnerability echoes past incidents like the Pegasus spyware, highlighting the ongoing demand for zero-day exploits in messaging apps by state actors and cybercriminals.