Hackers can remotely deploy spyware on vulnerable devices due to a critical remote code execution vulnerability in WhatsApp.
WhatsApp discovered this vulnerability earlier this month and can be tracked as CVE-2019-3568. “WhatsApp VOIP stack allows remote code execution through specifically crafted series of SRTCP packets sent to a target number” lies within the vulnerability.
The following versions include Android before v2.19.134, WhatsApp for Android before v2.19.44, WhatsApp for iOS before v2.19.51, WhatsApp for iOS before v2.19.51 and WhatsApp for Tizen before v2.18.15. This will affect the following versions: Android before v2.19.334, and WhatsApp before v2.19.51.
A WhatsApp phone call on a vulnerable iPhone or Android device can exploit the vulnerability and infect the call whether the recipient has responded to the call or not. The logs of the call received were also frequently deleted.
According to Financial Times, this spyware is developed by Israeli cyber intelligence company NSO Group and the vulnerability was used to attack the British lawyer’s telephone on 12 May.
“This vulnerability targeted selected numbers of users by an advanced cyber actor. The attack is reportedly characterized by a private company working with governments to deliver spyware that takes over the functions of mobile systems.’
Whatsapp said the vulnerability was fixed Friday, and Whatsapp urges users to upgrade with the latest version to avoid infection with the patch released Monday.
The number of users affected by this vulnerability remains unknown, depending on the company’s targeting of only a few users.
The Facebook-owned WhatsApp messenger enables users to send and share the users ‘ location text messages, voice calls, as well as video calls, images, and other media. Whatsapp is one of the world’s leading applications for 1.5 billion users.