WhatsApp recently patched a serious zero-click vulnerability (CVE-2025-55177) affecting its iOS and macOS apps, exploited in targeted spyware attacks.
The flaw allowed attackers to trigger processing of content from arbitrary URLs on the device without user interaction, affecting WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS prior to v2.25.21.78, and WhatsApp for Mac prior to v2.25.21.78.
Combined with an Apple OS-level flaw (CVE-2025-43300), it was used in sophisticated attacks against specific individuals, such as journalists and activists.
Meta, WhatsApp’s parent company, confirmed the issue was fixed, and users were urged to update to the latest app versions. No evidence suggests widespread exploitation, but vigilance is advised.
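The practical follow-up to an advisory like this is checking a device inventory against the fixed builds. The script below is an added example, not code from the post or from Meta/WhatsApp; the three minimum versions are the ones the advisory lists, and the inventory it audits is constructed. The point it makes is that version strings must be compared numerically, field by field, since a plain string comparison would rank "2.25.9.1" above "2.25.21.73".

```python
"""Flag WhatsApp installs that are still below the builds fixed for CVE-2025-55177."""
from typing import Iterable, List, Tuple

# Minimum non-affected version per product, as stated in the advisory text.
FIXED_VERSIONS = {
    "whatsapp-ios": "2.25.21.73",
    "whatsapp-business-ios": "2.25.21.78",
    "whatsapp-mac": "2.25.21.78",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'v2.25.21.73' into (2, 25, 21, 73) so tuples compare numerically."""
    parts = version.strip().lstrip("v").split(".")
    if not all(part.isdigit() for part in parts):
        raise ValueError(f"non-numeric version string: {version!r}")
    return tuple(int(part) for part in parts)


def is_affected(product: str, version: str) -> bool:
    """True when `version` is strictly below the fixed build for `product`.

    A shorter version such as '2.25.21' compares below '2.25.21.73', which is
    the conservative reading: treat it as not yet updated.
    """
    return parse_version(version) < parse_version(FIXED_VERSIONS[product])


def audit(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (device, product, version) entries that still need an update."""
    return [(dev, prod, ver) for dev, prod, ver in inventory if is_affected(prod, ver)]


# Constructed inventory for illustration; not real devices.
SAMPLE_INVENTORY = [
    ("laptop-01", "whatsapp-mac", "2.25.21.78"),           # already fixed
    ("phone-07", "whatsapp-ios", "2.25.21.73"),            # exactly the fixed build
    ("phone-09", "whatsapp-ios", "2.25.9.1"),              # older than it looks lexically
    ("phone-12", "whatsapp-business-ios", "2.25.21.77"),   # one build short
]

if __name__ == "__main__":
    for device, product, version in audit(SAMPLE_INVENTORY):
        print(f"{device}: {product} {version} is below {FIXED_VERSIONS[product]}")
```

Running it lists phone-09 and phone-12; the first shows why lexical comparison is the wrong tool for this job.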
Other Spyware Vulnerabilities
Recent spyware vulnerabilities, beyond the WhatsApp zero-click flaw (CVE-2025-55177), include several notable cases across platforms, often targeting mobile devices and browsers due to their widespread use and data access.
Here’s a quick rundown of other significant spyware vulnerabilities reported recently, based on available data:
Apple iOS Vulnerabilities (Pegasus Spyware)
CVE-2021-30860 (FORCEDENTRY):
A zero-click exploit in iOS’s CoreGraphics, used by NSO Group’s Pegasus spyware, allowed remote installation via iMessage. It deleted evidence from the device’s DataUsage.sqlite file, affecting targeted Apple users like journalists and activists. Patched by Apple in September 2021, but it highlighted the persistent threat of zero-click attacks.
CVE-2016-4655:
An information leak in the iOS kernel enabled attackers to map kernel memory, aiding Pegasus deployment. Patched after discovery by Citizen Lab and Lookout in 2016. This vulnerability showed how kernel flaws can facilitate spyware.
Google Chrome Vulnerabilities
CVE-2025-9132:
A high-severity out-of-bounds write flaw in Chrome’s V8 JavaScript engine, patched in Chrome version 139. It allowed potential code execution, the kind of primitive spyware often exploits to gain system access.
CVE-2025-9478:
A use-after-free issue in Chrome’s ANGLE graphics library, enabling malicious code execution via crafted web content. Fixed in August 2025, it was a prime target for spyware due to Chrome’s ubiquity.
Android Vulnerabilities
CVE-2025-0075:
A use-after-free flaw in Android 15’s Bluetooth stack (sdp_server.cc), potentially allowing remote code execution. No public exploit is known yet, but patching is advised because of its potential use by spyware.
LianSpy Malware:
A 2024 Android spyware campaign targeted Russian users, posing as Alipay or system services to evade detection. It exploited app permissions to steal data, showing how fake apps remain a spyware vector.
Citrix NetScaler Vulnerabilities
CVE-2025-7775:
A memory overflow flaw in Citrix NetScaler ADC and Gateway, exploited for remote code execution. Added to CISA’s Known Exploited Vulnerabilities Catalog, it’s a potential spyware entry point due to its network access. Over 28,200 instances remained unpatched by April 2025.
Microsoft SharePoint Vulnerabilities
CVE-2025-53770 & CVE-2025-53771:
Critical flaws enabling unauthenticated remote code execution via deserialization and ViewState abuse. Actively exploited in 2025, these could allow spyware to infiltrate enterprise systems.
ServiceNow Vulnerabilities
CVE-2024-4879 & CVE-2024-5217:
Critical flaws (CVSS scores 9.3 and 9.2) in ServiceNow’s platform, exploited globally for reconnaissance and potential data theft. These vulnerabilities could enable spyware to extract sensitive corporate data.
SpyLoan Android Apps
A 2024 campaign involved 15 malicious Android apps with over 8 million installs, targeting users in South America, Southeast Asia, and Africa. These apps, posing as legitimate loan services, collected sensitive data like contacts and SMS, exploiting excessive permissions.
Common Threads and Mitigation
- Zero-Click Exploits: Pegasus and similar spyware increasingly use zero-click methods, requiring no user interaction, as seen in WhatsApp and iMessage attacks.
- Mobile Focus: iOS and Android remain prime targets due to their data-rich environments and widespread use.
- Phishing and Social Engineering: Many spyware campaigns rely on phishing, fake apps, or compromised websites to exploit unpatched vulnerabilities.
- Patch Delays: Unpatched systems, like Citrix NetScaler or ServiceNow, amplify risks, as seen with thousands of exposed instances.
- Recommendations: Update software promptly, use reputable antivirus tools, enable two-factor authentication, avoid untrusted links or apps, and review app permissions regularly.
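The SpyLoan apps above and the "review app permissions" recommendation point at the same defensive check: does what an app requests match what it plausibly needs? The script below is an added example, not from the post or any vendor. The permission names are real Android permission strings; the manifest it inspects and the "loan app" expectation profile are constructed for illustration.

```python
"""Flag sensitive Android permissions that an app's stated purpose does not justify."""
import xml.etree.ElementTree as ET
from typing import Set

# ElementTree stores namespaced attributes as "{uri}localname".
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose personal data, identity, or sensors.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_PHONE_STATE",
}

# Constructed policy: what an app in each category can reasonably justify.
# A loan app needs network access and perhaps a camera for an ID photo; nothing else here.
EXPECTED_BY_CATEGORY = {
    "loan": {"android.permission.INTERNET", "android.permission.CAMERA"},
}


def requested_permissions(manifest_xml: str) -> Set[str]:
    """Parse an AndroidManifest.xml string and return every <uses-permission> name."""
    root = ET.fromstring(manifest_xml)
    return {
        element.get(ANDROID_NS + "name")
        for element in root.iter("uses-permission")
        if element.get(ANDROID_NS + "name")
    }


def excessive_permissions(manifest_xml: str, category: str) -> Set[str]:
    """Sensitive permissions requested that the app's category does not account for."""
    requested = requested_permissions(manifest_xml)
    expected = EXPECTED_BY_CATEGORY.get(category, set())
    return (requested & SENSITIVE) - expected


# Constructed manifest modelled on the SpyLoan pattern: a "loan" app that wants
# contacts, SMS, and precise location on top of what a loan workflow needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.quickloan">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Quick Loan"/>
</manifest>
"""

if __name__ == "__main__":
    for permission in sorted(excessive_permissions(SAMPLE_MANIFEST, "loan")):
        print("review:", permission)
```

Against the sample manifest this reports READ_CONTACTS, READ_SMS, and ACCESS_FINE_LOCATION, which is exactly the data the SpyLoan apps were collecting. The expectation table is the part to tune for your own app catalogue; the parsing and set arithmetic stay the same.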
These vulnerabilities underscore the evolving sophistication of spyware, often backed by state or commercial actors like NSO Group. While targeted attacks dominate, unpatched systems and user errors (e.g., clicking malicious links) enable broader exploitation. For further details, check vendor advisories or CISA’s Known Exploited Vulnerabilities Catalog.