WhatsApp issued a global warning after discovering a chain of vulnerabilities that allowed attackers to infiltrate devices simply by sending a file in a chat.
The WhatsApp vulnerability, tracked as CVE-2025-55177, could be exploited through so-called “zero-click exploits,” in which victims do not need to open a message or click on a link for the attack to succeed.
The security holes worked as a chain: “Attackers first exploited the weakness in WhatsApp and then, through it, used the second flaw in Apple devices, hijacking entire terminals without user interaction,” they said in a statement.
According to Donncha Ó Cearbhaill, director of Amnesty International's Security Lab, those affected include many members of civil society, activists, and journalists.
What do "exploit" and "zero-click" mean?
An exploit can be a piece of software, a piece of data, or a sequence of commands that takes advantage of a bug or vulnerability in an application or system to cause unwanted or unexpected behavior.
A zero-click attack is one that is triggered simply by receiving the file, with no action from the victim. Unlike traditional phishing, it removes the need to trick the user with trap messages, which multiplies the risk for those with an exposed profile.
Chained together, these security holes are a lethal combination. It is important for users to take preventive measures against them and protect their personal data.
What should users do?
- Update immediately: Make sure both WhatsApp and iOS/macOS are updated to the latest versions.
- Consider a factory reset: For people who have received a threat notification, completely wiping the device may be the only way to remove persistent malware.
- Stay informed: Journalists, activists, and others at higher risk should remain vigilant and consider using tools such as Apple's Lockdown Mode.
For regular users, the most important defense remains keeping both applications and operating systems up to date, as patches are often the only barrier against these stealthy attacks.