whatsappWhatsApp today disclosed a vulnerability that allowed hackers to remotely exploit a bug in the app's audio call system to access sensitive information on an iPhone or Android device.

According to The New York Times, attackers were able to insert malicious code into WhatsApp, allowing them to steal data, regardless of whether or not a WhatsApp phone call was answered.

Security researchers said that the spyware that took advantage of this flaw featured characteristics of the Pegasus spyware from NSO Group, which is normally licensed to governments who purchase the spyware for installing on the devices of individuals who are the target of an investigation.

Description:A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.

Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

The vulnerability was described by WhatsApp as "nontrivial to deploy, limiting it to advanced and highly motivated actors," but it's not clear how long the security flaw was available nor how many people were affected. It was used to target a London lawyer who has been involved in lawsuits against the NSO Group, and security researchers believe others could have been targeted as well.

WhatsApp engineers "worked around the clock" to address the vulnerability, and made a patch available on Monday. The initial vulnerability was discovered ten days ago after WhatsApp found abnormal voice calling activity following complaints from the aforementioned lawyer. WhatsApp says that it has notified the Department of Justice and a "number of human rights organizations" about the issue.

Update: Reader comments suggested that some of the wording in this article was confusing or misleading, so we have updated it to make sure the details of the vulnerability are clear. Specifically, this issue impacted WhatsApp, not the iOS operating system.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tag: WhatsApp

Top Rated Comments

Slix Avatar
Slix
76 months ago
Remember all the comments the other day about WhatsApp being more secure than iMessage?

:rolleyes:
Score: 25 Votes (Like | Disagree)
macfacts Avatar
macfacts
76 months ago
Remember all the comments the other day about WhatsApp being more secure than iMessage?

:rolleyes:
So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
Score: 10 Votes (Like | Disagree)
realtuner Avatar
realtuner
76 months ago
So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
Nah, not on iOS, it's so private and secure things like this or the carrier tracking situation could never be an iPhone issue. Yeah Privacy Timmy!
Two ridiculous comments. So if iOS is the problem, how come the fix was done via a patch to the WhatsApp App itself and also a server side update to WhatsApp? How come there's no updates for iOS or Android (since, you know, this exploit also worked with WhatsApp on Android) to fix this issue?

NVM, because Apple.
Score: 7 Votes (Like | Disagree)
Mascots Avatar
Mascots
76 months ago
How did this vulnerability make it past the App Store review process? Do app reviewers take bribes to allow spy trash like this into apps?
This exploit is sideloaded and delivered to WhatsApp outside of the App Store.

The App Store itself does not vet apps for vulnerabilities (that would be impossible), but it does vet them for these types of warez directly.
[doublepost=1557803453][/doublepost]
So a bug in WhatsApp can install unsigned apps? That sounds like iOS has the bigger security bug
I just searched a little and it looks like this exploit is scoped solely to WhatsApp's VOIP stack (and within the sandbox) and whatever WhatsApp had permissions for. It will access all of your photos, if you've allowed WhatsApp access, for example.

I can't find any evidence of any additional system exploiting, yet. But this seems why it's able to affect such a wide range of systems - it is spyware within WhatsApp itself.
Score: 7 Votes (Like | Disagree)
Marshall73 Avatar
Marshall73
76 months ago
not as bad as the FaceTime bug/exploit.
I’d say it’s arguably worse as they could remote install software to your phone which could do any number of things including scraping all of your information stored on the phone.
Score: 6 Votes (Like | Disagree)
killhippie Avatar
killhippie
76 months ago
Anyone else find it extremely disturbing Israelis spying?

Luckily they don’t make phones.
Israel makes loads of telecoms equipment for Europe and maybe even the USA under the name ECI. Now I don't use WhatsApp, never have but I do find it ironic that Huawei are being banned left right and centre yet ECI based equipment isn't, and now WhatsApp gets caught being a bad actor. I guess it depends on how friendly you are with your spying counterparts and what financial arrangements you have in place with them, as I'm sure every country knows exactly who is spying on who globally. It's good that iOS is so secure though, as Tim says what happens on your iPhone stays on your iPhone, oh hang on...
Score: 3 Votes (Like | Disagree)
Read All Comments

Popular Stories

iphone 17 pro asherdipps

iPhone 17 Pro Max Rumors Allegedly Refer to 'iPhone 17 Ultra' Model

Friday March 14, 2025 7:56 am PDT by
If you've been following iPhone rumors over the last few years, you may remember reading reports that Apple flirted with the idea of introducing a super high-end "Ultra" model that would either replace its Pro Max device or sit above it in Apple's smartphone hirearchy. These reports appeared in the pre-launch iPhone 15 and iPhone 16 rumor cycles, but ultimately came to nothing. Now though, the...
Read Full Article143 comments
ios 18 4 carplay

Apple Upgrades CarPlay in Two Ways

Wednesday March 12, 2025 6:05 am PDT by
The upcoming iOS 18.4 update for the iPhone includes a smaller but meaningful improvement for Apple's in-car iPhone mirroring system CarPlay. Specifically, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra with a...
Read Full Article55 comments
airpods pro 2 gradient

AirPods Pro 3 Launch Now Just Months Away: Here's What We Know

Tuesday March 11, 2025 3:26 am PDT by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
Read Full Article48 comments
apple surveyor app

Apple Launches 'Surveyor' App for Apple Maps Data Collection

Friday March 14, 2025 10:38 am PDT by
Apple today launched a new app called Surveyor, which is designed to allow users to collect data like images of street signs and roadside details to improve Apple Maps. The app is not public facing and appears to be for use with companies that Apple partners with to assign mapping tasks. Downloading the app and opening it up directs users to "Open Partner App" to choose a task. Tapping on...
Read Full Article71 comments
iPhone 17 Air Size Feature

Ultra-Thin 'iPhone 17 Air' Rumored to Include These 12 Features

Saturday March 15, 2025 10:50 am PDT by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device. Overall, the "iPhone 17 Air" sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
Read Full Article118 comments
Apple Intelligence Comes Under Fire Feature

Apple Reassures Siri Team Members Feeling Disappointed and Embarrassed by Apple Intelligence Delay

Friday March 14, 2025 11:45 am PDT by
Apple is reassuring employees on the Siri team who may be feeling demotivated by the recent Siri delays and the bad press surrounding the company's decisions, reports Bloomberg. In a Siri team meeting, Apple senior director Robby Walker acknowledged that employees might be feeling "angry, disappointed, burned out and embarrassed" following the Siri delay, but he praised the hard work of...
Read Full Article473 comments
Sad Siri Feature

Kuo: Cook Should Personally Address Siri Apple Intelligence Failure

Thursday March 13, 2025 4:02 pm PDT by
Apple made a major misstep with the way that it handled the delay of Apple Intelligence features for Siri, Apple analyst Ming-Chi Kuo said today. Announcing the delay through a press statement was a bad decision, and Apple should instead have gone through official channels. Kuo referenced the well-known "Antennagate" PR crisis when the iPhone 4 launched in 2010, and the way that then Apple...
Read Full Article431 comments
iOS 18

12 New Things Your iPhone Can Do in iOS 18.4

Monday March 10, 2025 9:28 am PDT by
Apple is set to release iOS 18.4 in early April, bringing further refinements to Apple Intelligence features, a neat new capability to iPhone 15 Pro devices, new emoji, and more. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.4 still introduces enhancements that aim to make your iPhone smarter and more intuitive. Below, we've listed 12 new...
Read Full Article33 comments
iOS 19 visionOS UI Elements

iOS 19 to Have Some of the 'Biggest' Design Changes in iPhone's History

Sunday March 16, 2025 10:35 am PDT by
Apple is planning some of the "biggest iOS and macOS redesigns in its history," according to Bloomberg's Mark Gurman. In his Power On newsletter today, Gurman reiterated that iOS 19 will have a visionOS-like design with more transparent interfaces:The new interfaces will adopt the design principles introduced in visionOS, the software for Apple's Vision Pro headset. That includes greater...
Read Full Article119 comments