Breaking: WhatsApp Patches Exploit Allowing Hackers to Target Apple Users
| By FinTech News Desk
Zero-Day Vulnerability Discovered in WhatsApp for iOS
Meta-owned WhatsApp has urgently rolled out a security update to address a critical vulnerability in its iOS app that allowed attackers to install spyware on iPhones through malicious video calls. The exploit, classified as a zero-day flaw, enabled hackers to execute arbitrary code on devices running outdated versions of WhatsApp.
How the Exploit Worked
According to cybersecurity researchers, the attack chain involved:
- Initiating a video call to the target’s WhatsApp account
- Exploiting a buffer overflow vulnerability in the app’s video processing system
- Deploying Pegasus-like spyware to gain access to messages, microphone, and camera
The exploit bypassed Apple’s BlastDoor security framework, which is designed to isolate malicious content in iOS apps.
Discovery and Attribution
The flaw was identified by researchers at CIT, who detected it during an investigation of a Bahraini activist’s compromised iPhone. Citizen Lab attributed the attack to a “highly sophisticated spyware vendor,” likely NSO Group or a similar entity, based on the exploit’s signature.
Impact and Mitigation
Affected versions include WhatsApp for iOS versions prior to 2.23.16.74. Users are advised to:
- Immediately update WhatsApp via the App Store
- Enable automatic updates for all apps
- Avoid answering suspicious video calls from unknown numbers
Meta confirmed that the exploit was “actively exploited in the wild” but did not disclose the number of affected users. The company has notified Apple and collaborated with cybersecurity partners to monitor further threats.
Ongoing Risks for Legacy iOS Versions
Devices running iOS versions older than 15.7 remain particularly vulnerable, as Apple no longer provides security patches for these systems. Cybersecurity experts recommend upgrading hardware if unable to install the latest iOS updates.
Industry Response
The incident has reignited debates about:
- End-to-end encryption limitations in preventing zero-click exploits
- The ethics of commercial spyware vendors
- Responsibility for securing legacy devices in enterprise environments
What Users Should Do Now
To verify your WhatsApp version:
- Open WhatsApp Settings
- Navigate to Help > App Info
- Confirm version is 2.23.16.74 or newer
Apple users are also advised to check for iOS updates under Settings > General > Software Update.
