PT-2025-35227 · Meta · WhatsApp for Mac +2

Published 2025-08-29 · Updated 2025-08-30 · CVE-2025-55177

CVSS v3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

**Name of the Vulnerable Software and Affected Versions:**

WhatsApp for iOS versions prior to 2.25.21.73

WhatsApp Business for iOS versions prior to 2.25.21.78

WhatsApp for Mac versions prior to 2.25.21.78

**Description:**

A critical zero-click flaw exists in WhatsApp’s linked device synchronization feature due to incomplete authorization. It allows attackers to trigger the processing of content from arbitrary URLs on a target device without any user interaction. The vulnerability was exploited in targeted attacks, potentially in conjunction with an Apple OS-level flaw. Fewer than 200 individuals, including members of civil society, were reportedly affected during a 90-day campaign.

**Recommendations:**

Update WhatsApp for iOS to version 2.25.21.73 or later.

Update WhatsApp Business for iOS to version 2.25.21.78 or later.

Update WhatsApp for Mac to version 2.25.21.78 or later.

Related Identifiers

CVE-2025-55177

Affected Products

WhatsApp Business for iOS
WhatsApp for Mac
WhatsApp for iOS