Monday, April 28, 2025
Follow us On Linkedin
HomeAndroidWhatsApp Hacked - Attackers Exploit iPhone or Android device by Making a...

WhatsApp Hacked – Attackers Exploit iPhone or Android device by Making a WhatsApp call

AndroidiOSVulnerabilityZero-Day

Published on

By Gurubaran
WhatsApp hacked

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A critical remote code execution vulnerability in WhatsApp allows hackers to deploy spyware remotely on the vulnerable devices.

The vulnerability was discovered earlier this month by WhatsApp, and it can be tracked as CVE-2019-3568. The vulnerability resides in “WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”

It affects the following versions that include Android before v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

- Advertisement - Google News

The vulnerability can be exploited by making a WhatsApp call to the vulnerable iPhone or Android device and infect the call whether the recipient answered the call or not. Also, the logs of the incoming call were often erased.

The spyware in question was developed by Israeli cyber intelligence company NSO Group, according to Financial Times and the vulnerability was used to attack the phone of an UK-based attorney on 12 May.

“Selected number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.” WhatsApp spokesperson told Ars.

Whatsapp said the vulnerability was fixed on Friday and the patch released for end users on Monday, Whatsapp urges users to upgrade with the latest version to avoid infection.

The number of users impacted with this vulnerability remains unknown, according to the company only a small number of users were targeted.

WhatsApp messenger owned by Facebook allows users to send text messages, voice calls, as well as video calls, images, and other media, documents, and to share the user location. Whatsapp is one of the world’s leading app used by 1.5 billion users worldwide.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Facebook Down for Billions of Users Around the World – Instagram & WhatsApp Also Affected

Beware!! New Android Malware That Can Read Your WhatsApp Messages & Take Screen Shots

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Rack Ruby Framework Vulnerabilities Let Attackers Inject and Manipulate Log Content

Researchers Thai Do and Minh Pham have exposed multiple critical vulnerabilities in the Rack...
CVE/vulnerability

SAP NetWeaver 0-Day Flaw Actively Exploited to Deploy Webshells

SAP disclosed a critical zero-day vulnerability, identified as CVE-2025-31324, in its NetWeaver Visual Composer component. This...
Cyber Security News

Windows 11 25H2 Expected to Launch with Minor Changes

Microsoft is quietly preparing the next update to its flagship operating system, Windows 11 25H2,...
CVE/vulnerability

China Claims U.S. Cyberattack Targeted Leading Encryption Company

China has accused U.S. intelligence agencies of carrying out a sophisticated cyberattack against one...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

CVE/vulnerability

SAP NetWeaver 0-Day Flaw Actively Exploited to Deploy Webshells

SAP disclosed a critical zero-day vulnerability, identified as CVE-2025-31324, in its NetWeaver Visual Composer component. This...
CVE/vulnerability

China Claims U.S. Cyberattack Targeted Leading Encryption Company

China has accused U.S. intelligence agencies of carrying out a sophisticated cyberattack against one...
CVE/vulnerability

Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution

A severe vulnerability (CVE-2025-23016) in the FastCGI library-a core component of lightweight web server...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved