Messaging app WhatsApp has disclosed details regarding a vulnerability that allowed spyware to be injected into a victim’s device simply by getting voice calls. The vulnerability affects both Android and iOS devices, and does not need the recipient to actually pick up the call for the spyware to be installed.
WhatsApp has discovered the vulnerability in early May, and has since fixed the vulnerability, rolling out the fix on Monday. That said, the company is reportedly still investigating the number of phones that were targeted.
The code to exploit this was apparently developed by NSO Group, an Israel-based company that provides spyware to governments. NSO Group itself is reported to be investigating the issue. The company claims that it vetted its customers and investigates any abuse.
While this is quite the potent exploit, WhatsApp has already rollout the fix as mentioned earlier. Keeping the app updated should keep you safe from this particular spyware.
(Source: Financial Times)