WhatsApp has confirmed that a dangerous voice call exploit allowed malicious parties to load NSO Group’s Pegasus spyware onto Android and iOS devices.
NSO Group has stated that even if the user did not answer the malicious call, they were still vulnerable to be attacked by this exploit.
The Financial Times reported that the Pegasus software can delete calls from logs, access users’ cameras and microphones, and uncover their location and messaging information.
WhatsApp fixed the issue on its servers on 10 May, and launched an update on 13 May to secure the vulnerability in its smartphone applications.
The company has issued multiple statements urging Android and iOS users to update their WhatsApp applications and their mobile operating systems.
“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” WhatsApp said in a statement to TechCrunch.
WhatsApp has alerted human rights groups and the United States Justice Department to the severity of the exploit, and NSO Group has stated that it was not involved in the attack.