Lately, WhatsApp has patched a serious vulnerability that was being used to advantage by attackers to remotely install monitoring malware on a few “selected” smartphones just by calling the targeted phone numbers over WhatsApp audio call.
The Israeli company NSO Group that produces the most advanced mobile spyware on the planet discovered, weaponized and then sold it, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices.
Facebook published an advisory, a buffer overflow vulnerability in WhatsApp VOIP stack allows a specially crafted series of SRTCP packets to be sent by attackers to execute arbitrary code on target phones.
Allegedly, the vulnerability, now known as CVE-2019-3568, can be successfully exploited to install the spyware and steal data from a targeted Android phone or iPhone simply by placing a WhatsApp call, even when the call is not answered.
The targeted phone user will not be aware of the privacy intrusion afterward because the spyware will delete the information of the incoming call from the log in order to operate secretly.
WhatsApp engineers confirm that only a “selected number” of users were targeted by the NSO Group spyware using this vulnerability. Although the precise number of targeted WhatsApp users is unknown for now.
Meanwhile, Citizen Lab, a watchdog group at the University of Toronto which is investigating the activities of NSO Group’s, believes the vulnerability was used to attack a UK-based human rights lawyer as recently as Sunday.
NSO Group’s Pegasus spyware enables attackers to access enormous amounts of data from victims’ smartphones remotely, including their call records, location, microphone, text messages, contact details, emails, WhatsApp messages, and camera—all without the knowledge of the victim.
The malicious spyware has been used in the past against various users like some human rights activists and journalists, from Mexico to the United Arab Emirates, and Amnesty International staffers in Saudi Arabia and another Saudi human rights defender based abroad earlier last year.
All except the latest version of WhatsApp on iOS and Android were susceptible to the vulnerability, meaning the flaw affected all 1.5 billion WhatsApp users until yesterday when Facebook finally patched the issue.
Facebook says.”The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, WhatsApp Business for Android prior to v2.19.44, WhatsApp Business for iOS prior to v2.19.51, and WhatsApp for Tizen prior to v2.18.15,”
WhatsApp engineers found out about the vulnerability earlier this month and alerted the Department of Justice of the issue. They advised users on both iOS and Android to update their apps to the latest version as soon as possible.
Source: The HackerNews