whatsappWhatsApp today disclosed a vulnerability that allowed hackers to remotely exploit a bug in the app's audio call system to access sensitive information on an iPhone or Android device.

According to The New York Times, attackers were able to insert malicious code into WhatsApp, allowing them to steal data, regardless of whether or not a WhatsApp phone call was answered.

Security researchers said that the spyware that took advantage of this flaw featured characteristics of the Pegasus spyware from NSO Group, which is normally licensed to governments who purchase the spyware for installing on the devices of individuals who are the target of an investigation.

Description:A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.

Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

The vulnerability was described by WhatsApp as "nontrivial to deploy, limiting it to advanced and highly motivated actors," but it's not clear how long the security flaw was available nor how many people were affected. It was used to target a London lawyer who has been involved in lawsuits against the NSO Group, and security researchers believe others could have been targeted as well.

WhatsApp engineers "worked around the clock" to address the vulnerability, and made a patch available on Monday. The initial vulnerability was discovered ten days ago after WhatsApp found abnormal voice calling activity following complaints from the aforementioned lawyer. WhatsApp says that it has notified the Department of Justice and a "number of human rights organizations" about the issue.

Update: Reader comments suggested that some of the wording in this article was confusing or misleading, so we have updated it to make sure the details of the vulnerability are clear. Specifically, this issue impacted WhatsApp, not the iOS operating system.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tag: WhatsApp

Top Rated Comments

Slix Avatar
Slix
86 months ago
Remember all the comments the other day about WhatsApp being more secure than iMessage?

:rolleyes:
Score: 25 Votes (Like | Disagree)
macfacts Avatar
macfacts
86 months ago
Remember all the comments the other day about WhatsApp being more secure than iMessage?

:rolleyes:
So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
Score: 10 Votes (Like | Disagree)
realtuner Avatar
realtuner
86 months ago
So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
Nah, not on iOS, it's so private and secure things like this or the carrier tracking situation could never be an iPhone issue. Yeah Privacy Timmy!
Two ridiculous comments. So if iOS is the problem, how come the fix was done via a patch to the WhatsApp App itself and also a server side update to WhatsApp? How come there's no updates for iOS or Android (since, you know, this exploit also worked with WhatsApp on Android) to fix this issue?

NVM, because Apple.
Score: 7 Votes (Like | Disagree)
Mascots Avatar
Mascots
86 months ago
How did this vulnerability make it past the App Store review process? Do app reviewers take bribes to allow spy trash like this into apps?
This exploit is sideloaded and delivered to WhatsApp outside of the App Store.

The App Store itself does not vet apps for vulnerabilities (that would be impossible), but it does vet them for these types of warez directly.
[doublepost=1557803453][/doublepost]
So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
I just searched a little and it looks like this exploit is scoped solely to WhatsApp's VOIP stack (and within the sandbox) and whatever WhatsApp had permissions for. It will access all of your photos, if you've allowed WhatsApp access, for example.

I can't find any evidence of any additional system exploiting, yet. But this seems why it's able to affect such a wide range of systems - it is spyware within WhatsApp itself.
Score: 7 Votes (Like | Disagree)
Marshall73 Avatar
Marshall73
86 months ago
not as bad as the FaceTime bug/exploit.
I’d say it’s arguably worse as they could remote install software to your phone which could do any number of things including scraping all of your information stored on the phone.
Score: 6 Votes (Like | Disagree)
killhippie Avatar
killhippie
86 months ago
Anyone else find it extremely disturbing Israelis spying?

Luckily they don’t make phones.
Israel makes loads of telecoms equipment for Europe and maybe even the USA under the name ECI. Now I don't use WhatsApp, never have but I do find it ironic that Huawei are being banned left right and centre yet ECI based equipment isn't, and now WhatsApp gets caught being a bad actor. I guess it depends on how friendly you are with your spying counterparts and what financial arrangements you have in place with them, as I'm sure every country knows exactly who is spying on who globally. It's good that iOS is so secure though, as Tim says what happens on your iPhone stays on your iPhone, oh hang on...
Score: 3 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone Pocket Short

iPhone Pocket is Now Completely Sold Out Worldwide

Tuesday November 25, 2025 7:16 am PST by
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone. However, it is now completely sold out in all countries where it was released. iPhone Pocket became available to order on Apple's online store starting Friday, November 14, in the United States, France, China, Italy, Japan, Singapore, ...
Read Full Article138 comments
Cyber Week Deals 2025

Best Cyber Week Apple Deals Include Big Discounts on AirPods, Apple Watch, and More

Sunday November 30, 2025 7:33 am PST by
Cyber Week is here, and you can find popular Apple products like AirPods, iPad, Apple Watch, and more at all-time low prices. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Specifically,...
Read Full Article13 comments
Netflix Smaller 4

Netflix Kills Casting From Its Mobile App to Most Modern TVs

Monday December 1, 2025 4:36 am PST by
Netflix has quietly removed the ability to cast content from its mobile apps to most modern TVs and streaming devices, including newer Chromecast models and the Google TV Streamer. The change was first spotted by users on Reddit and confirmed in an updated Netflix support page (via Android Authority), which now states that the streaming service no longer supports casting from mobile devices...
Read Full Article77 comments
studio display purple february

M5 iPad Pro Could Hint at New Studio Display Feature

Sunday November 30, 2025 10:30 am PST by
The updated specs of the M5 iPad Pro may point toward a major new feature for Apple's next-generation Studio Display expected in early 2026. Apple's latest iPad Pro debuted last month and contains one display-related change that stands out: it can now drive external monitors at up to 120Hz with Adaptive Sync. The feature should deliver lower latency, smoother motion, and fewer visual...
Read Full Article47 comments
New Intel Logo

Apple and Intel Rumored to Partner on Mac Chips Again in a New Way

Friday November 28, 2025 7:33 am PST by
While all Macs are now powered by Apple's custom-designed chips, a new rumor claims that Apple may rekindle its partnership with Intel, albeit in a new and limited way. Apple supply chain analyst Ming-Chi Kuo today said Intel is expected to begin shipping Apple's lowest-end M-series chip as early as mid-2027. Kuo said Apple plans to utilize Intel's 18A process, which is the "earliest...
Read Full Article133 comments
iphone black friday gold

The Best Black Friday iPhone Deals Still Available

Friday November 28, 2025 6:24 am PST by
Cellular carriers have always offered big savings on the newest iPhone models during the holidays, and Black Friday 2025 sales have kicked off at AT&T, Verizon, T-Mobile, and more. Right now we're tracking notable offers on the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air. For even more savings, keep an eye on older models during the holiday shopping season. Note: MacRumors is...
Read Full Article3 comments
maxresdefault

The MacRumors Show: Apple's Big Plans for iPad Mini 8

Friday November 28, 2025 8:39 am PST by
On this week's episode of The MacRumors Show, we talk through the latest rumors about Apple's upcoming iPad mini 8. Subscribe to The MacRumors Show YouTube channel for more videos The next-generation version of the iPad mini is expected to feature an OLED display, as part of Apple's plan to expand the display technology across many more of its devices. Apple's first OLED device was the Apple...
Read Full Article31 comments
maxresdefault

iPhone Fold: Launch, Pricing, and What to Expect From Apple's Foldable

Monday December 1, 2025 3:00 am PST by
Apple is expected to launch a new foldable iPhone next year, based on multiple rumors and credible sources. The long-awaited device has been rumored for years now, but signs increasingly suggest that 2026 could indeed be the year that Apple releases its first foldable device. Subscribe to the MacRumors YouTube channel for more videos. Below, we've collated an updated set of key details that ...
Read Full Article39 comments
Touchscreen MacBook Feature

Here Are the Four MacBooks Apple Is Expected to Launch Next Year

Monday December 1, 2025 5:00 am PST by
2026 could be a bumper year for Apple's Mac lineup, with the company expected to announce as many as four separate MacBook launches. Rumors suggest Apple will court both ends of the consumer spectrum, with more affordable options for students and feature-rich premium lines for users that seek the highest specifications from a laptop. Below is a breakdown of what we're expecting over the next ...
Read Full Article41 comments