this post was submitted on 30 Aug 2025
109 points (100.0% liked)

Technology

74831 readers
2835 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
109
WhatsApp fixes 'zero-click' bug used to hack Apple ios and macos users with spyware for 3 months (techcrunch.com)
submitted 1 week ago by drmoose@lemmy.world to c/technology@lemmy.world
3 comments fedilink hide all child comments
 

WhatsApp has patched a critical zero-click vulnerability in its iOS and Mac apps that enabled sophisticated spyware attacks targeting specific users over the past three months. The flaw, tracked as CVE-2025-55177, was exploited in combination with an Apple operating system vulnerability to compromise devices and steal sensitive data including private messages.

Meta confirmed it detected and patched the vulnerability "a few weeks ago" and sent notifications to "less than 200" affected WhatsApp users. The company described the attacks as targeting "specific targeted users" through a zero-click exploit that required no interaction from victims to compromise their devices.

The vulnerability involved incomplete authorization of linked device synchronization messages in WhatsApp, allowing attackers to trigger processing of content from arbitrary URLs on targeted devices. Security researchers noted that the flaw was used in conjunction with Apple's CVE-2025-43300, an ImageIO framework vulnerability that Apple patched on August 20.

you are viewing a single comment's thread
view the rest of the comments
[–] Truscape@lemmy.blahaj.zone 8 points 1 week ago

Probably because it picks a lane and stays in it, although I wouldn't trust it on even a burner phone.