WhatsApp confirms that it has rolled out a fix on the side of servers and users for a vulnerability in its app. That vulnerability made it possible to spread spyware via WhatsApp bubbles to spy on smartphone users.
The exact details are not yet known, but the exploit abused the VoIP system in WhatsApp to invade iOS or Android, says Financial Times. It would then have been possible to spy on smartphone users. The fix on servers has been there since Friday, while users could get a patch from Monday. The latest versions in the Play Store and App Store are from Saturday and Monday, but the change log does not mention the fix.
WhatsApp confirms the exploit to the business newspaper. “This attack has the signs of a private company working with governments to deliver spyware that can take over functions of telephone operating systems. We have briefed a number of human rights organizations and shared all the information we can. We work with them to inform society ”
The spyware is said to have come from the Israeli NSO Group, although it is unknown whether it has also found the vulnerability. The attack works by calling someone via WhatsApp. This way the spyware can be injected, even if someone does not answer. It is unknown how many people are affected by the spyware. Facebook subsidiary WhatsApp has not posted any information about the attack apart from the statement to Financial Times.