
WhatsApp has patched a security flaw that was used in zero-click attacks tied to a separate Apple vulnerability, and the company has notified affected users individually. The issue, tracked as CVE-2025-55177, was used against specific users rather than the wider WhatsApp user base.
WhatsApp closes the hole used in zero-click attacks
The vulnerability involved incomplete authorization of linked device synchronization messages. In practical terms, it could let an unrelated user trigger processing of content from an arbitrary URL on another device.
WhatsApp said the weakness was part of an attack chain that combined its own flaw with an Apple operating-system bug. The fix closes that route through WhatsApp.
How the flaw worked and who was hit
The attack did not require the victim to click anything, which is why it falls into the zero-click category. WhatsApp notified affected users one by one after identifying the targeting.
The company has not confirmed how many accounts were reached. Available details point to specific targets, not a broad user-facing breach.
Open questions on scope and affected devices
What remains unclear is whether the attacks targeted iPhone, Mac, or both. The available material also does not spell out exactly which device or operating-system versions are covered by the patch.
WhatsApp has closed the flaw used in the attack chain, but the device scope of the fix is still not fully specified.
About the author

Samarth Agrawal is an AI and technology professional who writes about WhatsApp, automation, and emerging AI trends. He focuses on simplifying complex tech updates into practical insights for businesses, creators, and everyday users.
