A new cyber espionage campaign has exploited previously unknown vulnerabilities in WhatsApp and Apple’s operating systems, targeting fewer than 200 individuals globally. According to a Meta spokesperson, the attack was highly targeted and has since been mitigated with emergency patches. However, the event has raised serious concerns about the growing sophistication of spyware and its impact on civil society.
A chain attack through WhatsApp and iOS
The campaign exploited a flaw in WhatsApp’s handling of device linking messages (CVE-2025-55177), which allowed attackers to deliver malicious payloads through seemingly ordinary encrypted messages. The exploit triggered a second vulnerability in Apple’s image processing system (CVE-2025-43300), embedded in its Imagelo framework. This layered approach enabled attackers to bypass multiple safeguards with no interaction required from the target.
Amnesty International’s Security Lab is currently analysing forensic traces from affected devices. Early indications suggest both iOS and Android users were compromised, with civil society actors among the main targets. WhatsApp confirmed that the affected users were directly notified and urged to take remediation steps, including full device resets in some cases.
Silent compromise and lingering risk
This spyware attack highlights the deeper danger of chained zero-day exploits. Even after WhatsApp was patched, infected Apple devices could still remain vulnerable at the OS level. Apple’s out-of-bounds write flaw enabled memory corruption upon processing tainted image files, a method that can persist beyond app-level interventions.
Experts warn that such multi-layered attacks represent a new era of surveillance tools—designed not just to breach apps, but to entrench themselves within entire systems. For journalists, human rights defenders, and other high-risk individuals, this presents an existential threat to digital privacy.
The road ahead: patching is not enough
The breach underscores the urgent need for continuous, cross-platform vulnerability management. Device users are urged to immediately apply the latest updates from both WhatsApp and Apple, and security teams must monitor for signs of deeper compromise.
This incident is the latest in a growing series of targeted cyberattacks using mercenary-grade spyware. As governments and attackers develop increasingly complex tools, platform security must evolve beyond reactive patching toward proactive threat modelling and coordinated defense.
