These issues affect Android 13, Android 14, Android 15, and Android 16. The agency revealed that the flaws exist within several components of the Android operating system, including the framework, Android runtime, system, Widevine DRM, Project Mainline, kernel, Qualcomm, MediaTek, and other components. The widespread nature of the problem across multiple layers significantly increases the potential for harm.

If successfully exploited, these vulnerabilities could allow hackers to steal phone data, crash devices, execute arbitrary code, or gain complete control of the system. In simpler terms, your smartphone and the personal information it contains could become completely insecure.

Google has released a security patch to address these vulnerabilities. However, Google cannot directly deliver the update to all users, as smartphone manufacturers like Samsung (One UI), OnePlus (OxygenOS), and Xiaomi (HyperOS) roll out updates with their custom skins. Therefore, these companies are responsible for promptly delivering the patch to users.

If a new security update is available for your phone, it is crucial to install it immediately. Updating will keep your phone secure and protect it from cyberattacks. The government’s warning emphasizes that failing to update your device promptly could make it a target for hackers.

WhatsApp’s CVE-2025-43300 Bug
WhatsApp reported that the CVE-2025-43300 bug may have been exploited in sophisticated attacks targeting specific users. This vulnerability affected WhatsApp iOS (versions prior to v2.25.21.73), WhatsApp Business iOS (versions prior to v2.25.21.78), and WhatsApp Mac (versions prior to v2.25.21.78). Meta indicated that the bug was patched several weeks ago, and approximately 200 users were notified about its potential impact.

Apple’s CVE-2025-55177 Bug
Apple also fixed the CVE-2025-55177 bug. The company stated that processing a malicious image file could lead to memory corruption. Reports suggest this vulnerability was also used in high-level spyware attacks, primarily affecting iPhone users.

Discovery of the Bugs
Donncha O Cearbhaill from Amnesty International Security Lab revealed on X that these attacks were part of an advanced spyware campaign. Initial investigations indicated that both iPhone and Android users had been targeted over the past 90 days, including individuals from civil society and activist groups.

Why Zero-Click Vulnerabilities are Dangerous
Zero-Click attacks are among the most dangerous in the cyber world. They do not require the user to click a link or open a file. Hackers can directly infiltrate the system and steal data. These attacks are difficult to defend against because users have no preventive action options.

Recommendations for Users
Users should immediately update their WhatsApp and iOS devices to the latest versions. Avoid suspicious links and files, even though the Zero-Click bugs have been fixed. Regularly install security patch updates and keep apps and software updated.

The affected devices include iPhone 11, XS, 12, 13, 14, 15, and 16 series. Several iPad Pro models, including 13-inch, 12.9-inch (3rd gen and later), and 11-inch (1st gen and later), are also impacted, along with iPad Air (3rd gen and later), and iPad (7th gen and later) models. To resolve this, Apple has rolled out emergency security updates for iPadOS, iOS, and macOS users. Updates are available for iOS and iPadOS 18.6.2, as well as older models running iPadOS 17.7.10.

macOS Sonoma 14.7.8, macOS Sequoia 15.6.1, and macOS Ventura 13.7.8 users can also access the update. Apple has fixed the flaw through improved bounds checking. While details about any attacks are undisclosed, Apple urges all users to update their devices without delay. Security experts strongly recommend installing the latest software update immediately. Users should go to Settings, then General, and tap Software Update to download and install the newest software.