WhatsApp has patched a major security flaw that exposed iPhone and Mac users to a zero-click attack capable of stealing data without any interaction. The vulnerability, tracked as CVE-2025-5517, stemmed from incomplete authorization checks in WhatsApp’s “linked device synchronization messages.” Attackers could pair it with another flaw, CVE-2025-43300, to trigger the processing of content from arbitrary URLs—making it possible to compromise a device simply by sending a malicious message.
What makes this case more concerning is that CVE-2025-43300 was not limited to WhatsApp. The exploit leveraged Apple’s Core Image library, a system-level component, meaning the flaw could also be abused through other apps before Apple patched it earlier this year. Amnesty International Security Lab’s Donncha Ó Cearbhaill highlighted the vulnerability on X (formerly Twitter), underscoring how deeply integrated image-processing functions can become an unexpected entry point for attackers.
Meta, which owns WhatsApp, has confirmed that the issue has been fixed in recent updates, but the company has also taken the unusual step of contacting potentially affected users directly. In some cases, Meta has advised users to factory reset their devices—even after applying the patch—to ensure that lingering exploits are fully removed.
The precise scope of the campaign remains unclear, but signs point to a sophisticated operation running for at least three months. Given the technical complexity and stealth of the attack, security analysts suspect the exploit was used to target individuals of high value rather than being deployed at scale.
Users running WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS before version 2.25.21.78, or WhatsApp for Mac prior to version 2.25.21.78 remain vulnerable if they have not updated. Installing the latest version is strongly recommended, alongside Apple’s recent security updates, to minimize exposure to this class of exploit.
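A fleet check against the version thresholds above, as an added example that is not part of the original article or any WhatsApp or Apple tooling. The inventory rows and device names are constructed, and the product labels are assumed to match whatever your MDM export uses; versions are compared numerically because a plain string comparison would rank 2.25.9.80 above 2.25.21.73.

```python
# Added example: flag installs older than the fixed versions named in the article.

# First fixed versions, taken from the article text.
FIXED = {
    "WhatsApp for iOS": "2.25.21.73",
    "WhatsApp Business for iOS": "2.25.21.78",
    "WhatsApp for Mac": "2.25.21.78",
}

def parse_version(text):
    """Turn '2.25.21.73' into (2, 25, 21, 73); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparsable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, version):
    """Return 'patched', 'vulnerable', 'unknown-product' or 'unknown-version'."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown-product"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown-version"  # do not let bad data pass as patched
    target = parse_version(fixed)
    # Pad to equal length so '2.25.22' compares as 2.25.22.0.
    width = max(len(installed), len(target))
    installed += (0,) * (width - len(installed))
    target += (0,) * (width - len(target))
    return "vulnerable" if installed < target else "patched"

def audit(rows):
    """Return every row that is not confirmed patched, with its status."""
    results = [(dev, prod, ver, status(prod, ver)) for dev, prod, ver in rows]
    return [r for r in results if r[3] != "patched"]

# Constructed sample inventory (hypothetical device names).
INVENTORY = [
    ("iphone-01", "WhatsApp for iOS", "2.25.21.73"),
    ("iphone-02", "WhatsApp for iOS", "2.25.9.80"),
    ("iphone-03", "WhatsApp Business for iOS", "2.25.21.73"),
    ("mac-01", "WhatsApp for Mac", "2.25.21.78"),
    ("mac-02", "WhatsApp for Mac", "2.25.22"),
    ("iphone-04", "WhatsApp for iOS", "n/a"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```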
This episode underscores how messaging platforms like WhatsApp—used daily for both personal and professional communication—remain prime targets for attackers. It also highlights the risks of software supply chains where vulnerabilities in system-level libraries, such as Apple’s Core Image, can cascade into popular apps.

