Popular messaging platform, Whatsapp is urging users to update to the newest version of the app after the company discovered a vulnerability in the app that allowed a spyware to be injected into a user’s phone through the app’s phone call function.
The spyware was created by an Insraeli cyber intelligence company.
Whatsapp said it discovered the vulnerability this month and has quickly addressed the problem with the latest update that was released on Monday.
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement. “We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.”
The company said it has alerted US law enforcement to the security breach and published a CVE Notice to to other cybersecurity experts alerting them to “common vulnerabilities and exposures”.
See CVE Notice
CVE-2019-3568
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Last Updated: 2019-05-13
Whatsapp has 1.5 billion users and uses end-to- encryption making it impossible for third party to spy on messages.
