A buffer overflow vulnerability in the WhatsApp VOIP stack allows remote attackers to execute arbitrary code on target phones by sending a specially crafted series of SRTCP packets. The vulnerability is identified as CVE-2019-3568. Successful exploitation can install the spyware and steal data from a targeted Android phone or iPhone merely by placing a WhatsApp call, even when the call is not answered. The spyware erases the incoming call information from the logs, so the victim would not be able to find out that the intrusion happened.
The vulnerability affects all versions of WhatsApp on iOS and Android except the latest, meaning the flaw affected all 1.5 billion people using WhatsApp until yesterday, when Facebook finally patched the issue. WhatsApp engineers discovered the vulnerability earlier this month and alerted the Department of Justice about the issue. They encourage users on both iOS and Android to update to the latest version of the popular messaging app as soon as possible.