A new vulnerability discovered in the WhatsApp allowed attackers install a malicious code on iPhones and Android phones by ringing up a target device.
“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” WhatsApp said.
The company discovered the vulnerability and later issued a security patch, although till now, it is not known how many people have been affected by this.
According to the reports, the attackers targeted the device by just placing a call, even if you didn’t answered a call, the malicious code could be transmitted to your phone and a log of the call often disappeared.
WhatsApp is urging all its users to upgrade their app after it released a software update yesterday.
'We believe a select number of users were targeted through this vulnerability by an advanced cyber actor,' WhatsApp told the Financial Times.
'This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.
As per the Financial Times reports, the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.