On Monday, WhatsApp said it fixed the vulnerability, which enabled attackers to add code to users' smartphones by calling them on WhatsApp, and unfortunately, some smartphones might have been infected even if calls were not answered, CNN Business noted.
NSO Group develops spyware for use by Middle Eastern and western governments, with its main product, Pegasus, being capable of turning on a phone's camera and microphone, reading emails and messages, and sending location data.
WhatsApp is a Facebook subsidiary with more than 1.5 billion users and boasting end-to-end transcription protecting its users' privacy.
In early May, Facebook discovered the vulnerability that would allow commercial-grade spyware to be installed on your phone through a call using WhatsApp.
The Financial Times first reported details of the vulnerability. In 2016, spyware was used in an attack on Emirati human rights activist and 2018, 12 TV journalists got affected while investigating a scandal regarding Mexican President.
The spokesperson did not mention NSO in a statement on the flaw but said the attack had "all the hallmarks of a private company that has been known to work with governments to deliver spyware that has the ability to take over mobile phone operating systems". It also said it had briefed human rights organisations to work with them to notify civil society.
WhatsApp said it has notified European data privacy regulators of the breach and has also provided U.S. law enforcement information to conduct an investigation.
Responding specifically to the apparent targeting of the lawyer, NSO Group said in a statement, "NSO would not or could not use its technology in its own right to target any person or organization, including this individual".
Facebook's engineers have been busy trying to patch the flaw, designated as CVE-2019-3568, and an updated version of WhatsApp has already been pushed out to users.
If you have an iPhone, go to the App Store and click updates.
If you own an Android phone, click on Play Store, then on the menu button. Cybersecurity experts warned that the breach demonstrates that even encrypted messaging apps like WhatsApp, widely believed to be safe from interception, can also be accessed.