A massive security flaw identified as CVE-2019-3568 has been discovered and weaponized by the NSO Group.
This allows them to install spyware and steal a variety of data from impacted devices. Worse, the group is installing their Pegasus spyware, which is among the most advanced on the planet. It’s very good at hiding itself, deleting incoming calls, and other log information in order to remain hidden.
The good news is that Facebook, which owns WhatsApp, has patched the flaw with an update. As long as you’re using the latest version, you’re protected. Unfortunately, not everyone keeps their apps up to date. Prior to the patch being released, all 1.5 billion of the app’s users were considered vulnerable.
According to the official company statement:
“The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to 2.18.15.”
Although millions of users have already updated their software, the sad reality is that for most people, keeping apps up to date generally ranks quite low on their list of priorities. That means there are still untold millions of users who are vulnerable.
If you use the app or if you know anyone who does, the best thing you can do is to update to the latest version right away and have your phone thoroughly scanned to be sure you don’t have the Pegasus Spyware already embedded in your system.