A malicious code developed by an Israeli cyber intelligence firm NSO could be delivered to WhatsApp users handsets using an exploit in the voice-call feature on WhatsApp. The code will be deployed on the user’s phone regardless of whether the user answered the call.
Once the code is installed, then the spyware can turn on your phone’s camera and mic, scan emails and messages, and also collect the user’s location data.
Facebook the parent company of WhatsApp, also confirmed the same with the details as follows:
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
According to Facebook, below are the WhatsApp versions that are Vulnerable to the new code.
- WhatsApp for Android prior to v2.19.134
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp for iOS prior to v2.19.51
- WhatsApp Business for iOS prior to v2.19.51
- WhatsApp for Windows Phone prior to v2.18.348
- WhatsApp for Tizen prior to v2.18.15
How To Fix:
WhatsApp team in an official statement said that the Vulnerability was discovered this month (MAY) and it was addressed by their team by rolling out an update on Monday to all the 1.5 billion WhatsApp users globally.
WhatsApp has blocked the attack and advised their 1.5 billion global users to update their app to the latest version. Also, they asked the users to keep their mobile operating system up to date to protect against potential targeted exploits designed to compromise information stored on mobile devices.
Please do update your WhatsApp app now.