Critical security vulnerability in WhatsApp: iPhone and Mac users urgently beware!

Critical security vulnerability in WhatsApp: iPhone and Mac users urgently beware!

A critical security flaw in the popular messaging app WhatsApp has been discovered, leaving iPhones, iPads and Macs vulnerable. This vulnerability, designated CVE-2025-55177, affects all WhatsApp versions before 2.25.21.73, on both iOS and macOS. This vulnerability could allow attackers to gain access to personal messages, photos, and other data by using manipulated image files. It should be noted that no active action on the part of the user is necessary - the attacks are carried out using so-called zero-click exploits, which means the risk is particularly high. Already during these attacks, users were attacked without them noticing, which underlines the urgency of the updates, as reported by vienna.at.

Meta, the parent company of WhatsApp, is urging users to update their software immediately. The latest versions of iOS, iPadOS and macOS not only fix CVE-2025-55177, but also another vulnerability known as CVE-2025-43300 affecting the “Image I/O” library. Together, these vulnerabilities represent a significant threat as they can be targeted in advanced attack operations, with users potentially being targeted in espionage campaigns for as long as 90 days, according to bleepingcomputer.com.

Urgent recommendations for users

Affected users should take the following steps:

• Aktualisieren Sie WhatsApp auf die Version 2.25.21.73 oder höher.
• Bringen Sie iOS, iPadOS und macOS auf den neuesten Stand.
• Aktivieren Sie automatisierte Updates, wo möglich.
• Meiden Sie unbekannte Bilddateien, insbesondere in WhatsApp-Nachrichten.

The security firm has also warned users who have been at risk in recent months and advises performing a factory reset on the affected devices. This recommendation is particularly critical because the threat from cyberattacks has increased in recent years, as recent reports from the Google Threat Intelligence Group (GTIG) show. According to security-insider.de, the world saw an increase in zero-day vulnerabilities in operating systems in 2024, including Microsoft Windows and Android.

Advancing digitalization and the growing number of devices used in everyday life offer cybercriminals numerous attack opportunities. The increasing number of vulnerabilities identified - 75 zero-day vulnerabilities in 2024 alone - shows that users should be aware that they could be a potential target for cyberattacks.