WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target.
The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is a buffer overflow vulnerability within WhatsApp’s VOIP function.
An attacker would need to call a target and send rigged Secure Real-time Transport Protocol (SRTP) packets to the phone, allowing them to use the memory flaw in WhatsApp’s VOIP function to inject the spyware and control the device.
The target wouldn’t even need to answer the call for the spyware to be injected, and the calls often disappear from call logs.
Read more…
Source: ZDNet