
Meta Addresses Critical WhatsApp Vulnerability
WhatsApp, the leading messaging application globally, serves both personal and professional communication needs, which inadvertently renders it an enticing target for cybercriminals. Recently, Meta disclosed that it has rectified a significant security flaw that enabled hackers to extract sensitive data from users.
Details of the Security Flaw
In a concise security advisory, Meta reported the resolution of the vulnerability identified as CVE-2025-5517. This issue arose from inadequate authorization protocols concerning “linked device synchronization messages.” Alarmingly, attackers could exploit another vulnerability, CVE-2025-43300, allowing them to access content through arbitrary URLs without requiring user interaction—effectively categorizing it as a zero-click attack.
Link to Apple’s Core Image Library
Interestingly, CVE-2025-43300 relates to an issue in Apple’s core image library, as highlighted by Donncha Ó Cearbhaill from Amnesty International Security Lab on X (formerly Twitter). Although Apple has since addressed this OS-level vulnerability, its previous existence permitted attackers to breach devices via applications beyond WhatsApp.
Manufacturer Guidance for Users
Meta has proactively contacted users likely affected by this exploit, notifying them about potential security breaches associated with malicious messages received. Even with a resolution implemented, the company advises users to perform a factory reset on their devices to ensure any lingering exploit is fully eradicated.
Understanding the Attack’s Scale
The extent of the attack remains unclear; however, evidence suggests it has been active for at least three months. Reports indicate that the exploitation methods employed were highly sophisticated, potentially targeting high-profile individuals. At this time, affected versions of the app include WhatsApp for iOS before v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. It is imperative for users to update these versions promptly.