this post was submitted on 30 Aug 2025
108 points (100.0% liked)

Technology

74794 readers
2642 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
108
WhatsApp fixes 'zero-click' bug used to hack Apple ios and macos users with spyware for 3 months (techcrunch.com)
submitted 6 days ago by drmoose@lemmy.world to c/technology@lemmy.world
3 comments fedilink hide all child comments
 

WhatsApp has patched a critical zero-click vulnerability in its iOS and Mac apps that enabled sophisticated spyware attacks targeting specific users over the past three months. The flaw, tracked as CVE-2025-55177, was exploited in combination with an Apple operating system vulnerability to compromise devices and steal sensitive data including private messages.

Meta confirmed it detected and patched the vulnerability "a few weeks ago" and sent notifications to "less than 200" affected WhatsApp users. The company described the attacks as targeting "specific targeted users" through a zero-click exploit that required no interaction from victims to compromise their devices.

The vulnerability involved incomplete authorization of linked device synchronization messages in WhatsApp, allowing attackers to trigger processing of content from arbitrary URLs on targeted devices. Security researchers noted that the flaw was used in conjunction with Apple's CVE-2025-43300, an ImageIO framework vulnerability that Apple patched on August 20.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] cerebralhawks@lemmy.dbzer0.com 5 points 5 days ago

So... they let you uninstall it? Or are we talking about spyware not made by Meta?

Because the way I understand it, Meta has been hacking iPhones ever since the App Tracking Protection thing came about. Mostly via the in-app browser. Point is, Tim Cook said Meta can continue to track you, they just have to get your permission first, and even if you said no, they still found a way to do it anyway. Therefore, are Meta products not spyware?

(So are Google products. On iPhone, you block ads system-wide with a DNS filter. Same as you do on an unrooted Android phone, since you don't have access to the HOSTS file โ€” rooted users are just using AdAway or something like it to update HOSTS. Anyway, Google apps use Google DNS, which they say makes them faster, but it also has the convenient upshot (to them) of going around your ad blocking, and forcing ads on a user who has explicitly configured their device to block them.)