WhatsApp revealed on Friday that it uncovered an advanced cyberespionage operation that exploited a series of security flaws within its own app and Apple’s operating system. The sophisticated attack chained these vulnerabilities together to successfully hack into targeted devices, granting the attackers deep access to the phones.
The Facebook parent company, Meta Platforms, stated it has since patched the critical vulnerability in its WhatsApp service that the hackers initially used as a foothold. This flaw was then leveraged to take advantage of a second, separate vulnerability within the Apple iOS operating system itself, ultimately allowing the attackers to hijack the devices. WhatsApp emphasized that the attack was highly targeted, potentially affecting fewer than 200 users globally.
Evidence suggests that members of civil society groups were among those targeted. Donncha O Cearbhaill, head of Amnesty International’s Security Lab, confirmed his organization was beginning to collect forensic data from potential victims. He stated that initial signs indicated the hacking was impacting users across both iPhone and Android platforms.
While WhatsApp was the confirmed entry point, O Cearbhaill noted that other applications beyond the messaging service may also have been affected by the broader exploit chain. The discovery highlights the persistent threat of highly targeted spyware campaigns aimed at high-risk individuals, often leveraging undiscovered vulnerabilities in popular software and devices.
