WhatsApp has patched a significant security flaw impacting its applications on iOS and macOS. The issue is called a zero‑click vulnerability. Zero‑click means hackers could try to target a user’s device without the person doing anything, like opening a link or tapping a button.
This flaw made it possible for attackers to send hidden requests to WhatsApp and trick the app into processing content from a fake website link.
The problem was registered under the code CVE‑2025‑55177. It happened because WhatsApp did not fully check the authorisation of linked device messages. Normally, when people use WhatsApp Web or WhatsApp for Mac, the app only accepts messages from trusted sources. Due to this weakness, however, the checks were incomplete. That created a chance for malicious requests to sneak in and get processed on the device.
On its own, this bug was not considered extremely dangerous. The risk became bigger because of another security issue found inside Apple’s operating systems. That separate bug was listed as CVE‑2025‑43300. If both flaws were used together, hackers could gain direct access to iPhones or Macs. Apple fixed its part earlier this month, reducing the risk.
The WhatsApp vulnerability affected several versions of the app. The bug was found in older app builds, such as WhatsApp for iOS versions below 2.25.21.73, WhatsApp Business for iOS releases earlier than 2.25.21.78, and WhatsApp for Mac versions older than 2.25.21.78.
The company released updates to close the loophole on all of these apps. Users are advised to update to the latest version immediately, even if they never saw any warning message.
A Meta representative confirmed that the flaw was detected and patched in just a few weeks. Less than 200 people may have been targeted. They were directly informed by the company. Meta has not shared the names or locations of these users to protect their privacy.
The company also stressed that keeping apps updated is the best way to stay protected. Similar advice comes from security experts, who say every iPhone, iPad, and Mac user should update both WhatsApp and their Apple device software without delay.
Both Meta and Apple have now fixed the issues, but this case shows how small weaknesses in apps can become major risks when combined with other flaws. Regular updates remain the simplest tool for users to prevent such attacks in the future.