Users didn’t even have to answer the phonecall.
WhatsApp has confirmed that it had to patch a flaw that allowed attackers to deliver spyware via a voice call. The Facebook owned chat application had a vulnerability within it’s VoIP function that left all users susceptibal to spyware attacks. Attackers simply had to call the user, and would be able to deliver malicious packets, The user did not need to answer the call in order for the attack to be successful.
The vulnerability was believed to have been used as late as this Sunday in an attack against a UK based human rights lawyer. It is unknown how many may have already fallen victim to this attack.
WhatsApp is advising users to update to the latest version of WhatsApp to ensure they have received the security patch to defend against this major attack. UTB Blogs advises that users delete WhatsApp.
Source: PC Mag