InfoSecBulletin Cybersecurity for mankind
Meta’s WhatsApp Security Team has fixed a zero-day vulnerability (CVE-2025-55177) in WhatsApp for iOS (before v2.25.21.73), WhatsApp Business for iOS (before v2.25.21.78), and WhatsApp for Mac (before v2.25.21.78).
According to the advisory, “Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.”
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
The WhatsApp Security Team noted: “We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.”
Apple explains: “An out-of-bounds write occurs when attackers successfully exploit such vulnerabilities by supplying input to a program, causing it to write data outside the allocated memory buffer.”
This type of flaw can cause:
Crashes or instability,
Data corruption, or
Remote Code Execution (RCE) in the worst-case scenario.
Image I/O manages various image formats, so an attacker could embed malicious code in an image to execute arbitrary commands at the OS level.
While both vulnerabilities are dangerous independently, their combined exploitation is what makes this attack particularly alarming.
CVE-2025-55177 in WhatsApp let attackers manipulate victim devices into downloading and processing harmful content from their URLs.
CVE-2025-43300 allowed attackers to execute remote code on the device using a malicious payload.
This chain gave attackers a discreet and effective way to launch attacks with little user involvement, a tactic typical of advanced operations linked to nation-state actors or wealthy surveillance firms.
WhatsApp users should immediately update to:
WhatsApp for iOS v2.25.21.73 or later,
WhatsApp Business for iOS v2.25.21.78 or later,
WhatsApp for Mac v2.25.21.78 or later.
Apple users should install the latest security updates for iOS, iPadOS, and macOS, which patch CVE-2025-43300 in Image I/O.
The risk for average users may be low, but for high-value targets like journalists, diplomats, human rights defenders, and executives, it’s urgent.
3 critical vulnerabilities affect Hikvision product: Patch Now
