Here’s how to navigate the WhatsApp crisis:
WhatsApp is advising iPhone users to promptly update their messaging app due to sophisticated cyberattacks targeting certain individuals.
According to the advisory, a vulnerability rated as CVE-2025-55177 could have facilitated attacks by triggering content processing from any URL on a targeted device. This, combined with another OS-level vulnerability on Apple devices (CVE-2025-43300), poses a serious risk.
The warning elaborated that malicious messages can be sent through WhatsApp, which, when combined with other vulnerabilities in the operating system, could compromise user data and devices.
To simplify, attackers might disguise malware or spyware as innocuous links. As noted by Amnesty International’s Donchanó Cearbhaill, this is a “zero click” bug, meaning victims don’t need to interact with the link for their devices to be compromised.
A public service announcement indicated that unidentified bad actors could “compromise the device containing the message and the data it holds.” Over three months, an advanced spyware campaign targeted numerous users.
Cearbhaill stressed that early indications show that WhatsApp attacks are impacting both iPhone and Android users, as well as civil society. He also shared a troubling screenshot of a warning sent by the company, alerting users to potential threats from digital trojans.
WhatsApp’s investigation revealed that malicious messages have been sent and may have compromised devices containing sensitive information. They emphasized caution, stating they can’t confirm if your device is compromised but advise users to take protective steps.
While they’ve attempted to fix the security issues, potential malware still poses a risk to personal operating systems. The suggested precautions include performing a “full factory reset” and ensuring that both WhatsApp and iOS are updated.
The recommendation is to upgrade to at least version 2.25.21.73 on iOS and 2.25.21.78 on Mac, as suggested by TechSperts from BitedFender.
Meanwhile, Cearbhaill suggested enabling “iOS Lockdown Mode” or “Android’s Advanced Protective Mode” to provide additional protection against such attacks.
This threat emerges amidst a broader wave of cybercrimes. Recently, the FBI alerted the public to a group of international cybercriminals, known as “scattered spiders,” which had begun targeting the airline industry, utilizing social engineering techniques.
The FBI remarked, “These actors often impersonate employees or contractors to gain access and deceive organizations.”
