WhatsApp fixes a serious security breach on iPhone: what does it consist of and how to protect yourself?
Joel Basanta
WhatsApp and Apple have released an urgent update after a serious vulnerability was confirmed affecting iPhone and Mac users. Some 200 users, including journalists, activists and other high-risk profiles, have been warned by Meta after a campaign of highly sophisticated cyberattacks was detected. The vulnerability, actively exploited in the last three months, allowed cybercriminals to access and steal information without any interaction from the victim, through a “zero-click attack” combined with an iOS flaw.
How did the vulnerability work and who were the targets?
The attack chain took advantage of two critical flaws: one in WhatsApp (CVE-2025-55177) and the other in iOS (CVE-2025-43300), corrected in the latest versions of both the app and the operating system.
Hackers could send a malicious message, or simply a manipulated image via WhatsApp, which automatically exploited both flaws to take control of the device, access messages, data and private communications without the user clicking or downloading files.
This is a “zero-click” exploit: the victim didn't even have to open the message or interact with it. The attack was triggered upon receipt alone.
The campaign was aimed at specific people, mainly in areas of high informational value, but the risk could extend to any user who did not have the app and the system updated.
WhatsApp and Apple reaction: solution and recommendations
WhatsApp released the 2.25.21.73 patch for iOS and the corresponding version for Mac, urging users to update immediately and alerting those potentially affected so that, in case of suspicion, they factory-reset the device as a maximum precaution.
Apple released the security update in iOS 18.6.2, correcting the vulnerability in ImageIO, its image-handling framework, which was involved in the attack chain.
Both companies recommend urgently updating WhatsApp and the operating system. If you received an official alert from Meta, perform a factory reset.
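The fleet check implied by these recommendations, as an added example that is not part of the original article: it compares an inventory of iPhones against the two fixed versions named above, using numeric comparison because plain string comparison misorders builds such as 2.25.9.80 and 2.25.21.73. The inventory format, device names and sample rows are constructed assumptions; the Mac build is left out because the article does not state it.

```python
# Fixed versions as stated in the article (iOS and WhatsApp for iOS only).
FIXED = {"ios": "18.6.2", "whatsapp_ios": "2.25.21.73"}

def parse_version(text):
    """Turn '18.6.2' into (18, 6, 2); return None if missing or malformed."""
    if not text:
        return None
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_patched(installed, fixed):
    """True/False by numeric comparison, None when the version is unreadable."""
    a, b = parse_version(installed), parse_version(fixed)
    if a is None or b is None:
        return None
    width = max(len(a), len(b))          # pad so that 18.7 compares as 18.7.0
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b

def audit(devices):
    """Map device name -> list of actions; patched devices are omitted."""
    findings = {}
    for dev in devices:
        issues = []
        checks = [("ios", "ios", "iOS")]
        if dev.get("whatsapp") is not None:   # None means WhatsApp is not installed
            checks.append(("whatsapp", "whatsapp_ios", "WhatsApp"))
        for field, key, label in checks:
            state = is_patched(dev.get(field), FIXED[key])
            if state is None:
                issues.append(f"{label} version unknown")  # treat as unpatched
            elif not state:
                issues.append(f"update {label}")
        if issues:
            findings[dev["name"]] = issues
    return findings

# Constructed sample inventory (hypothetical export, not real devices).
SAMPLE = [
    {"name": "iphone-a", "ios": "18.6.2", "whatsapp": "2.25.21.73"},
    {"name": "iphone-b", "ios": "18.6", "whatsapp": "2.25.9.80"},
    {"name": "iphone-c", "ios": "18.10", "whatsapp": None},
    {"name": "iphone-d", "ios": "18.6.2 beta", "whatsapp": "2.25.21.73"},
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, "->", ", ".join(issues))
```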
What can we learn from this case?
“Zero-click” attack chains demonstrate a sophisticated level of engineering, where no user is completely safe even when taking extreme precautions.
The importance of keeping your apps and devices up to date isn't just a recommendation: it's your first and last line of defense.
Cybercriminals prioritize the exploitation of high-value profiles, but campaigns can scale to common users if no action is taken.
Collaboration between developers and technology companies is key to minimizing exposure time and protecting the privacy of millions of people.
Quick tips to protect yourself
Update WhatsApp and iOS to the latest version available.
Beware of unexpected messages or images, especially if they come from unknown contacts.
If you receive an official alert from Meta, follow the recommendations and perform a security analysis or factory-reset the device.
Activate screen lock and biometric authentication.
Stay informed and keep an eye on official security advisories.
The WhatsApp-iPhone case reveals the sophistication of current cyberattacks and the importance of constant updating. Only prevention and quick reaction can stop data loss and protect the privacy of both ordinary users and high-risk profiles.