WhatsApp warns of 'attack against specific targeted users'

Infosec In brief A flaw in Meta's WhatsApp app “may have been exploited in a sophisticated attack against specific targeted users.”

Meta made that alarming admission last week in a security advisory that disclosed CVE-2025-55177, which it described as allowing “Incomplete authorization of linked device synchronization messages in WhatsApp [which] could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”

The security team at Zuck’s messaging app also name-checked the zero-click vulnerability Apple patched last week - CVE-2025-43300 - because they feel their own CVE and Apple’s flaw “may have been exploited in a sophisticated attack against specific targeted users.”

Donncha Ó Cearbhaill, the head of Amnesty International’s security lab, suggested attackers used the flaws in a highly specialized attack, which from past experience suggests that a commercial surveillanceware vendor is using it in highly targeted attacks against ...