Meta-owned messaging platform WhatsApp has announced that it has fixed a serious bug in its iOS and macOS applications, after the flaw was exploited to conduct targeted surveillance on a small number of users.
In a security advisory, WhatsApp identified the bug as CVE-2025-55177, which attackers combined with a separate Apple system bug (CVE-2025-43300) that the company patched last week. WhatsApp described the campaign as a “highly sophisticated attack” directed at specific individuals.
According to Amnesty International, the surveillance campaign lasted from late May until August and relied on a zero-click method, a technique that allows hackers to attack a device without any interaction from the victim.
WhatsApp has notified the affected users directly, warning that the bugs had been used to install advanced spyware capable of stealing sensitive data, including private messages. Meta confirmed that fewer than 200 people were targeted but declined to identify who was behind the operation.
The case is reminiscent of earlier controversies. In May, a U.S. court ordered Israeli firm NSO Group to pay WhatsApp $167 million in damages for deploying its Pegasus spyware to hack over 1,400 accounts in 2019. And earlier this year, WhatsApp said it blocked another spying attempt that targeted about 90 users, including journalists and activists in Italy.
While Meta emphasized that the recent bug has been patched, experts say the incident highlights the increasing sophistication of cyber-espionage campaigns and the ongoing risks for users, even on platforms designed to be secure.
Follow the latest news on Google News
