A very, very bad vulnerability was found in Facebook’s WhatsApp messaging app: commercial spyware can be injected into the app through a buffer overflow, simply by calling you. Whether you pick up the call or not is irrelevant. The spyware will go through and be installed on your phone. You won’t even know about it, because the call can be removed from the call history as well, leaving you clueless.
Once the spyware is installed, it can scan your emails, messages, locations, and even turn your smartphone’s microphone and camera on without your consent.
The solution is to update your WhatsApp app to the latest version – which is v2.19.51 (on iOS, I’m not sure about the version on Android). Just to be safe, go to your iOS App Store or Google Play Store and check for app updates. I know many friends who are too lazy to update their apps, but if you are using WhatsApp to communicate with your loved ones, this is very crucial.
According to The Verge, these are the affected WhatsApp versions:
- WhatsApp for Android prior to v2.19.134
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp for iOS prior to v2.19.51
- WhatsApp Business for iOS prior to v2.19.51
- WhatsApp for Windows Phone prior to v2.18.348
- WhatsApp for Tizen prior to v2.18.15
It’s also amusing that the changelog doesn’t even mention this, and only mentions stickers…