WhatsApp urges users to upgrade after finding ‘Israeli spyware’ vulnerability
- Attackers could send malicious code to a target’s device by calling the user and infecting the phone even if the recipient did not answer
The spyware was developed by the Israeli cyber intelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.
Attackers could send the malicious code to a target’s device by calling the user and infecting the phone even if the recipient did not answer the call. Logs of the incoming calls were often erased, according to the report.
WhatsApp said the vulnerability was discovered this month and the company quickly addressed the problem within its own infrastructure. An update to the app was published on Monday, and the company is encouraging people to upgrade out of an abundance of caution.
The company has also alerted US law enforcement to the exploit, and published a “ CVE notice ”, an advisory to other cybersecurity experts alerting them to “common vulnerabilities and exposures”.
The vulnerability was used in an attempted attack on the phone of a UK-based lawyer on 12 May, FT reported. The lawyer, who was not identified by name, is involved in a lawsuit against NSO brought by a group of Mexican journalists, government critics and a Saudi Arabian dissident.