Details have emerged from Meta's encrypted communications app WhatsApp on recent vulnerabilities that appear to have been used to deploy spyware from an unnamed government, without user interaction.

WhatsApp posted a security advisory for the vulnerability, tracked as CVE-2025-55177, saying it was used in combination with a flaw in Apple's image input/output handling framework in the company's iOS mobile operation system to target specific users.

On its part, Apple issued a patch in iOS and iPadOS 18.6.2 for CVE-2025-43300, which fixed memory corruption that could occur when processing malicious images, on August 20 United States time.