While WhatsApp is end-to-end encrypted, an attacker could access messages by infecting an end device (phone) on which messages are normally visible.

In addition, an attacker did not have to rely on a faulty user step (such as clicking a link or opening an attachment), the software installation took place after an attacker start WhatsApp call. The user did not even have to accept the call, the malicious code already contained that call.
The call record could then be erased so that the user would not normally be able to determine whether he / she had been the victim of such an attack.
As mentioned above, the bug is already fixed, so it is highly recommended to upgrade to the latest version of WhatsApp.
Or just go to a safer Signal Messenger

Vulnerable Versions:

Android: v2.19.134 and lower, WhatsApp Bussines v2.19.44 and lower
iOS: v2.19.51 and lower, WhatsApp Business v2.19.51 and lower
Windows Phone: v2.18.348 and lower
Tizen: v2.18.15 and lower

How to update WhatsApp?

Android:

• Open Google PlayOpen the menu in the upper left menu
• Open My Apps and Games
• If WhatsApp was not automatically updated, the “Update” button is available. Otherwise, the update menu is missing, only the button to open is used instead.

iOS:

• Open the App Store
• Click “Update” at the bottom of the display
• If WhatsApp was not automatically updated, the “Update” button is available. Otherwise, the update menu is missing, only the button to open is used instead

The post 0-day vulnerability in WhatsApp appeared first on DIGITAL SELF-DEFENSE.