Facebook shared a security advisory on Monday, May 13th warning WhatsApp users that an “advanced cyber actor” has been spreading spyware through the app by taking advantage of a buffer overflow vulnerability. All that it took to install the spyware on a target’s phone was calling them through the WhatsApp mobile app.
It is important to keep your apps and smartphone up to date to keep them secure from cyber attacks and bugs.
Here are all of the versions of the app which was affected, according to WhatsApp’s advisory:
- WhatsApp for iOS prior to v2.19.51
- WhatsApp for Android prior to v2.19.134
- WhatsApp Business for iOS prior to v2.19.51
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp for Windows Phone prior to v2.18.348
It’s developed by Israeli technology firm NSO Group, which has been in the news sporadically in recent years.
The vulnerability indication primarily discovered this month, it was in use last Sunday, according to Citizen Lab:
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp told the Financial Times when asked about the hack on Monday evening. “We have briefed a number of human rights organizations to share the information we can, and to work with them to notify civil society.”
As for NSO, a spokesman for the firm says that it “would not, or could not” use its Pegasus spyware to target “any person or organisation.” That may well be true, but someone is using it for nefarious purposes.
How to update your WhatsApp
On an iPhone
- Open the App Store and select updates.
- Select “WhatsApp” and Update.
On an Android device
- Open the Play Store and tap on the 3 lines in the upper left corner.
- Select “My apps & games” from the menu.– Select “WhatsApp” and select Update.