Zero-Click Bug Hacks WhatsApp
- linguollc
- Sep 2
- 3 min read
WhatsApp announced on Friday that it had patched a critical bug in its iOS and Mac apps that hackers had exploited to infiltrate the devices of carefully selected victims. The flaw had long hung over the platform as a major threat to user security.
The vulnerability, officially tracked as CVE-2025-55177, was discovered working in tandem with another flaw in Apple’s systems, which Apple fixed last week. Together, the bugs created a chain of weaknesses that attackers could easily have botched if not for their sophistication—but instead, they executed the campaign with precision.
Many users found themselves caught up in the spyware operation without clicking any links, since the attack worked as a “zero-click” exploit. This meant devices could suddenly land in the hands of attackers who gained access to sensitive data and personal messages.
Security experts said the attack was riddled with advanced coding designed to evade detection, leaving victims little choice but to resign themselves to the fact that their data had already been exposed.
WhatsApp said it had worked to iron out the technical flaws and is now trying to smooth things over with users by offering greater transparency. Still, critics argue that no patch can fully make up for the damage already done.
Meta, WhatsApp’s parent company, said it had sent fewer than 200 notifications to affected users, emphasizing that it would never resort to silence when it came to threats of this magnitude. Meanwhile, some victims may still be grasping at answers about who was responsible, as WhatsApp has not attributed the attack to any specific group or vendor.
This incident adds to a series of spyware campaigns targeting WhatsApp users worldwide, showing that the fight to protect privacy is far from over.
Vocabulary List + Practice
hang over – to cause worry or unease by remaining unresolved
The security bug had long hung over WhatsApp as a major concern.
Practice: Can you describe a problem that has recently hung over your work or life?
botch – to do something badly or clumsily
Attackers could have botched the spyware campaign, but instead they executed it flawlessly.
Practice: Have you ever botched a task at school or work? What happened?
caught up in – to become involved in something, often unintentionally
Users were caught up in the spyware campaign without even clicking a link.
Practice: When was the last time you felt caught up in a situation you couldn’t control?
land in – to end up in an unpleasant or difficult situation
Compromised devices quickly landed in the hands of hackers.
Practice: Have you ever landed in trouble by accident?
riddled with – full of something unpleasant or harmful
The spyware code was riddled with advanced evasion techniques.
Practice: Can you name a city or system you think is riddled with problems?
resign to – to accept something unpleasant without resistance
Victims had to resign themselves to the fact that their data was stolen.
Practice: What’s something you’ve had to resign yourself to in life?
iron out – to resolve problems or difficulties
WhatsApp worked quickly to iron out the bugs in its system.
Practice: Do you usually try to iron out issues right away, or wait until later?
smooth things over – to make a situation less tense or problematic
WhatsApp is trying to smooth things over with users after the attack.
Practice: Have you ever helped smooth things over between two people?
make up for – to compensate for something bad or missing
No patch can make up for the data that was already stolen.
Practice: How do you usually make up for mistakes at work or in class?
resort to – to turn to something as a last option
Meta said it would never resort to silence on serious threats.
Practice: Have you ever had to resort to a desperate solution?
grasp at – to try eagerly to obtain or achieve something, often without much hope
Victims were left grasping at answers about who was behind the attack.
Practice: When was a time you found yourself grasping at solutions?
Comments