Friday, June 13, 2025
HomeAndroidWhatsApp Hacked - Attackers Exploit iPhone or Android device by Making a...

WhatsApp Hacked – Attackers Exploit iPhone or Android device by Making a WhatsApp call

Published on

SIEM as a Service

Follow Us on Google News

A critical remote code execution vulnerability in WhatsApp allows hackers to deploy spyware remotely on the vulnerable devices.

The vulnerability was discovered earlier this month by WhatsApp, and it can be tracked as CVE-2019-3568. The vulnerability resides in “WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”

It affects the following versions that include Android before v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

- Advertisement - Google News

The vulnerability can be exploited by making a WhatsApp call to the vulnerable iPhone or Android device and infect the call whether the recipient answered the call or not. Also, the logs of the incoming call were often erased.

The spyware in question was developed by Israeli cyber intelligence company NSO Group, according to Financial Times and the vulnerability was used to attack the phone of an UK-based attorney on 12 May.

“Selected number of users were targeted through this vulnerability by an advanced cyber actor. The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems.” WhatsApp spokesperson told Ars.

Whatsapp said the vulnerability was fixed on Friday and the patch released for end users on Monday, Whatsapp urges users to upgrade with the latest version to avoid infection.

The number of users impacted with this vulnerability remains unknown, according to the company only a small number of users were targeted.

WhatsApp messenger owned by Facebook allows users to send text messages, voice calls, as well as video calls, images, and other media, documents, and to share the user location. Whatsapp is one of the world’s leading app used by 1.5 billion users worldwide.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Facebook Down for Billions of Users Around the World – Instagram & WhatsApp Also Affected

Beware!! New Android Malware That Can Read Your WhatsApp Messages & Take Screen Shots

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Major Outage Hits Google Cloud and Linked Cloudflare Services, Thousands Affected

On June 12, 2025, concurrent infrastructure failures at Cloudflare and Google caused widespread service...

TokenBreak Exploit Tricks AI Models Using Minimal Input Changes

HiddenLayer’s security research team has uncovered TokenBreak, a novel attack technique that bypasses AI...

WebDAV Remote Code Execution 0-Day Actively Exploited — PoC Released

A critical zero-day vulnerability in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) protocol, tracked...

Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware

Recent investigations by Check Point Research have uncovered a sophisticated malware campaign that leverages...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

OpenPGP.js Vulnerability Allows Attackers to Bypass Message Signature Verification

A critical vulnerability in OpenPGP.js, a widely used JavaScript library for encrypted messaging and...

Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks

GitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity...

Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions

Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated...