Facebook informs WhatsApp users about a serious vulnerability in the WhatsApp messenger service. Since yesterday evening, an update has been available to fix the vulnerability. Facebook strongly recommends that you install the update.
The discovered vulnerability can be used by attackers to install malware on the affected device and gain access to the device. The attacker can then access all data on the device without the owner noticing.
According to Facebook, the VoIP stack is the vulnerability of the application. Using a simple WhatsApp call, the attacker can send prepared SRTCP packets to gain access to the device. For this it is completely irrelevant whether the called party accepts, rejects or misses the call.
In addition to WhatsApp, the operating system should also be updated. The following WhatsApp versions are considered secure: v2.19.134 (Android), v2.19.44 (Business for Android), v2.19.51 (iOS and Business for iOS), v2.18.15 (Tizen) and v2.18.348 (Windows Phone).