The victim doesn't even have to pick up their phone to be affected.
The Facebook-owned software suffers from a classic buffer overflow weakness.
On Monday, the Facebook-owned messaging service disclosed the vulnerability, which affects both iOS and Android, after it was used to attack a number of victims, a WhatsApp spokesperson told PCMag. If your phone offers to update WhatsApp for you, do it, or check for new versions manually. A bug in the VoIP function could let the attacker send specially crafted data packets to essentially rewrite the app's memory, paving the way for remote code execution.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, are now suing NSO in an Israeli court over the hacking. This exploit would be ideal for a nation's spies keen to pry into the lives of persons of interest.
WhatsApp said the attack had all the hallmarks of a private company known to work with governments to infect phones.
Who could such a company be? The company also believes that only a relatively small number of users were targeted by the attack. Prosecutors in the United States have been alerted. Although we have no information that would confirm who's behind the attack, the spyware used is usually sold to governments.
Amnesty International is not the only organization pursuing legal action against NSO.
Its flagship software, Pegasus, has the ability to collect intimate data from a target device, including capturing data through the microphone and camera, and gathering location data.
That makes the discovery of the vulnerability particularly disturbing because one of the targets was a UK-based human rights lawyer, the attorney told the AP.
After discovering the vulnerability last week, WhatsApp claims it worked "around the clock" to develop a patch to protect users from the exploit, finally releasing the fix on Monday. NSO Group, the Israeli company that made the spyware in question, was briefed on the exploit and is investigating.
"Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies", the company added.
Although it refrained from naming the company, WhatsApp is probably referring to NSO Group, an Israeli technology firm notorious for developing a spyware program known as Pegasus that has targeted human rights activists, politicians and journalists.