PT-2025-35227 · Meta · WhatsApp for Mac +2

Published: 2025-08-29 · Updated: 2025-09-01 · CVE-2025-55177

CVSS v3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

**Name of the Vulnerable Software and Affected Versions:**

WhatsApp for iOS versions prior to 2.25.21.73

WhatsApp Business for iOS versions prior to 2.25.21.78

WhatsApp for Mac versions prior to 2.25.21.78

**Description:**

A critical zero-click vulnerability exists in WhatsApp’s linked device synchronization feature due to incomplete authorization. This flaw allows attackers to trigger the processing of content from arbitrary URLs on a target device without any user interaction. The vulnerability was exploited in targeted attacks, potentially in combination with an Apple OS-level vulnerability. Fewer than 200 individuals were reportedly affected during a 90-day campaign, including members of civil society. The attack involved sending malicious sync messages to compromise devices.

**Recommendations:**

Update WhatsApp to version 2.25.21.73 or later on iOS.

Update WhatsApp Business to version 2.25.21.78 or later on iOS.

Update WhatsApp to version 2.25.21.78 or later on macOS.

Fix

Related Identifiers

CVE-2025-55177

Affected Products

WhatsApp Business for iOS
WhatsApp for Mac
WhatsApp for iOS