Facebook has just confirmed that it has patched a serious security vulnerability on iOS and Mac apps, which was exploited in a targeted spying attack.
According to Google, the flaw allows hackers to secretly access the device of a group of target users, with less than 200 victims.
The vulnerability was identified as CVE-2025-55177, and has been completely fixed. Previously, Apple also handled a related vulnerability (CVE-2025-43300 was exploited in parallel in the same campaign.
Meta ( WhatsApp's parent company) described this as a very sophisticated attack, targeting only specific individuals.
According to Donncha o Cearbhaill, Director of the Security lab of the International Justice Organization ( London, UK), the spent about 90 days since late May using advanced spying software and zero-click technology.
This means that the device can be infected without the user needing to click on the link or download the malicious file. Through WhatsApp, attackers can steal data from the iPhone, including messages and many other sensitive information.
Facebook said it had sent a direct warning to affected users, refusing to disclose the origin of the campaign.
Meta spokeswoman Margarita Franklin confirmed the number of victims was below 200 and said the patch was released a few weeks ago.
This is not the first time WhatsApp has been targeted by spies. In 2019, Israel's NSO Group's Pegasus software penetrated more than 1,400 devices via WhatsApp, forcing the company to pursue a lawsuit and receive $167 million in damages from the US court.
More recently, earlier this year, the platform also blocked another spiel campaign targeting around 90 people, including journalists and civil society representatives in Italy.
Security experts recommend that users regularly update their apps and operating systems to reduce the risk of being exploited through serious vulnerabilities.
The latest case once again shows that popular messaging platforms such as WhatsApp are still a potential gateway for targeted cyber Estimation Campaigns.
