CERT-In flags high-severity WhatsApp vulnerability on iOS and Mac

Authorization bypass flaw could expose sensitive user data; users urged to update immediately.

By Akanksha Nagar | Sep 2, 2025 12:21 PM

India’s cybersecurity watchdog, the Indian Computer Emergency Response Team (CERT-In), has issued a high-severity alert over a newly discovered vulnerability in WhatsApp. The flaw, disclosed on August 31, 2025, affects versions of the messaging app on iOS and Mac, and could potentially allow attackers to bypass authorization controls and gain access to sensitive user information.

According to CERT-In, the vulnerability has been identified in WhatsApp for iOS versions prior to 2.25.21.73, WhatsApp Business for iOS versions prior to 2.25.21.78, and WhatsApp for Mac versions prior to 2.25.21.78.

The agency has urged users of these platforms to update to the latest available versions immediately to safeguard their data.

The vulnerability arises from improper authorization handling in linked device synchronization messages, a feature that allows users to connect their WhatsApp accounts across devices. CERT-In warns that attackers could exploit this flaw to trigger the processing of content from an arbitrary URL on a victim’s device. This could lead to unauthorized access and disclosure of private information such as messages, media, or account details.

In some instances, CERT-In noted, the flaw has been observed working in tandem with an OS-level weakness on Apple platforms, making the exploit particularly dangerous in sophisticated, targeted cyberattacks.

Such chaining of vulnerabilities is often associated with advanced threat actors who target individuals or organizations of high value.

With over two billion users worldwide, WhatsApp has become one of the most widely used messaging platforms, especially valued for its end-to-end encryption that protects communications from prying eyes. However, vulnerabilities of this nature can undermine that trust by exposing users to risks of surveillance, data theft, or identity compromise.

CERT-In has strongly advised all users running the affected versions of WhatsApp on iOS and Mac to immediately update to the patched versions available on the App Store and official channels.

For individuals handling sensitive personal or professional data—such as journalists, policymakers, and executives—the advisory serves as an urgent reminder of the importance of timely software updates and cautious digital hygiene.

First Published on Sep 2, 2025 12:21 PM
