META is currently distributing updates for various WhatsApp clients because it was possible to engage in code without intervention. The security gap in Messenger uses an error in the authorization of certain iPhones, iPads and MacOS computers if messages are to be automatically synchronized with the devices. It is registered under CVE-2025-55177 and can be used in connection with gaps in the operating systems of the devices to install spyware via URL. The users of the Apple devices do not have to confirm this by clicking or tip.
The affected versions WhatsApp for iOS version 2.25.21.73 or older, WhatsApp Business for iOS version 2.25.21.78 and WhatsApp for Mac version 2.25.21.78 or older should be updated immediately. In connection with the already known security gap CVE-2025-55177 (EuVD-2025-26214CVSS 8.0, risk “high”), which Apple had closed last week in iOS and iPados 18.6.2 and MacOS 15.6.1 plus older systems, the exploit can be exploited. The gap in the operating systems affects the library “Image I/O” and enables intersection of executable code via manipulated images. You should also get iOS, iPados and MacOs up to date immediately. As Meta reportsthe gap could have already been exploited.
According to Donncha ó Cearbhaill, head of the Security Lab from Amnesty International, the gap has already been actively exploited. Some users had received warning messages from WhatsApp, there would be indications that they had been sent to a malignant message. The activist writes this On the platform X. It was not certain whether the device in question was successfully compromised to keep a full factory reset and always keeping operating systems and WhatsApp application up to date.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.