This WhatsApp Spyware Can Install Itself From A Missed Call

33shares

If you haven’t updated WhatsApp recently, now would be the time to do so. There’s spyware going around that can install itself from a simple phone call.

A vulnerability was discovered this week in WhatsApp, that allows the NSO Pegasus spyware to be injected into a victim’s device, providing attackers with the ability to turn on its camera and mic as well as the ability to read emails and messages – and see the user’s location.

As WhatsApp scrambles to patch the vulnerability, you should be concerned with updating your app, as the NSO Pegasus spyware can be installed without users noticing anything. In fact, you don’t even need to answer the call. As WhatsApp explains in a recent Financial Times report,

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”

A WhatsApp vulnerability was discovered this week and it’s potentially bad news for anyone who hasn’t updated their app.

Click To Tweet

The technical details about the vulnerability came in a Facebook security advisory earlier this week: “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”

If you are using any of the following versions of the app, you better update right now.

WhatsApp for Android prior to v2.19.134
WhatsApp Business for Android prior to v2.19.44
WhatsApp for iOS prior to v2.19.51
WhatsApp Business for iOS prior to v2.19.51
WhatsApp for Windows Phone prior to v2.18.348
WhatsApp for Tizen prior to v2.18.15