InfoSecBulletin Cybersecurity for mankind
Meta’s WhatsApp Security Team has fixed a zero-day vulnerability (CVE-2025-55177) in WhatsApp for iOS (before v2.25.21.73), WhatsApp Business for iOS (before v2.25.21.78), and WhatsApp for Mac (before v2.25.21.78).
According to the advisory, “Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
The WhatsApp Security Team noted: “We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.”
Apple explains: “An out-of-bounds write occurs when attackers successfully exploit such vulnerabilities by supplying input to a program, causing it to write data outside the allocated memory buffer.”
This type of flaw can cause:
Crashes or instability,
Data corruption, or
Remote Code Execution (RCE) in the worst-case scenario.
Image I/O manages various image formats, so an attacker could embed malicious code in an image to execute arbitrary commands at the OS level.
While both vulnerabilities are dangerous independently, their combined exploitation is what makes this attack particularly alarming.
CVE-2025-55177 in WhatsApp let attackers manipulate victim devices into downloading and processing harmful content from their URLs.
CVE-2025-43300 allowed attackers to execute remote code on the device using a malicious payload.
This chain gave attackers a discreet and effective way to launch attacks with little user involvement, a tactic typical of advanced operations linked to nation-state actors or wealthy surveillance firms.
WhatsApp users should immediately update to:
WhatsApp for iOS v2.25.21.73 or later,
WhatsApp Business for iOS v2.25.21.78 or later,
WhatsApp for Mac v2.25.21.78 or later.
Apple users should install the latest security updates for iOS, iPadOS, and macOS, which patch CVE-2025-43300 in Image I/O.
The risk for average users may be low, but for high-value targets like journalists, diplomats, human rights defenders, and executives, it’s urgent.
3 critical vulnerabilities affect Hikvision product: Patch Now
