WhatsApp has fixed a critical security bug in its iOS and Mac apps that allowed hackers to secretly compromise the devices of targeted users without their interaction. The vulnerability, known as CVE-2026-55177, was exploited alongside another flaw found in iOS and Macs, tracked as CVE-2026-43300.

The combined bugs enabled attackers to deliver a malicious exploit through WhatsApp that could steal data from the user's Apple device, exposing the device to advanced spyware campaigns. According to Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, this attack is an example of a "zero-click" vulnerability, which doesn't require any interaction from the victim to compromise their device.

The attack was capable of compromising devices and stealing sensitive data, including messages. While it's unclear who or which spyware vendor is behind these attacks, WhatsApp has confirmed that it detected and patched the flaw a few weeks ago and notified fewer than 200 affected users.

This isn't the first time WhatsApp users have been targeted by government spyware. In May, a U.S. court ordered NSO Group to pay WhatsApp $167 million in damages for a 2019 hacking campaign that compromised over 1,400 devices. Earlier this year, WhatsApp disrupted a spyware campaign targeting around 90 users, including journalists and civil society members across Italy.

Improving App User Experience Through Enhanced Security

As app user experience continues to evolve, security vulnerabilities like these highlight the importance of prioritizing user protection. By identifying and addressing critical bugs before they can be exploited, developers can ensure a safer and more trustworthy experience for their users.

The Importance of Effective Bug Fixing

WhatsApp's swift action in detecting and patching the flaw demonstrates the importance of effective bug fixing in maintaining app security. Because app user experience relies on robust security measures, it's crucial that developers prioritize identifying and addressing vulnerabilities before they can be exploited.