Facebook-owned messaging app WhatsApp has urged its 1.5 billion users to upgrade the app after finding a vulnerability that allowed spyware to be installed on users’ phones via the app’s phone call function.
The flaw allows the app to be attacked by just leaving a missed call, and until the update was released there was nothing an affected user could do. Once hit, the phone would be compromised without the user knowing it.
The spyware was created by an “advanced cyber actor” and has already been used on multiple phones, WhatsApp said.
The vulnerability leveraged a bug in WhatsApp’s audio call feature, facilitating the installation of spyware on the device being called whether the call was answered or not.
“WhatsApp urging users to update the latest version of their app, as well as keep their device operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices, the company said in a statement.
WhatsApp is urging users to update their apps after the messaging service experienced a security breach. https://t.co/eqPNOup5aD
— Twitter Moments (@TwitterMoments) May 14, 2019