A new whatsapp vulnerability allows attackers to remotely install spyware on handsets.
The attack inserts malicious code into data packets that are sent during the calling feature of the app. This causes the whatsapp internal buffer to overflow and so malicious code can be executed on a phone even when a call is not answered.
The spyware probably comes from NSO group in Tel Aviv which develops spyware called pegasus. The group separates itself from the use of the tools and claim are only being responsible for the development of the tools. However the zionist regime is under pressure from the human rights groups to sanction NSO.
There is always a arms race between company security and the groups that work to penetrate security loopholes. Whatsapp has fixed the vulnerability and advising users to install latest updates but it should not take this type of attacks to make users download updates.
Users need to install all updates on routine and this counts for both phones and other connected devices. People that wait for announcements after an attack may be too late to protect themselves.
This cybersecurity breach reveals that it is important to update apps even if they are owned by big companies such as facebook that users expect to have large investment in security.