Users are being encouraged to update their WhatsApp messaging app after iOS and Android users were explosed to a security issue where people calling the target could install government issue spyware onto a target’s phone, even if the call wasn’t answered.
Unlike many vulnerabilities, which are found by security researchers and then fixed quietly before any announcement, in this case there was a live attack, which saw spyware installed on a phone.
Related: Best Android Phones
WhatsApp owner Facebook has said that “an advanced cyber actor” was responsible for the attack, while the Financial Times is reporting that the software was developed by Israeli security bods NSO, a cyber-security firm best known for their ‘Pegasus’ software, a program that can turn on a phone’s microphone or camera remotely, grab location data, and trawl through emails and messages at will.
NSO primarily sell Pegasus to governments and law enforcement agencies, where it’s used to fight terrorism and high-level crime. However, it’s been used multiple times by private citizens and organisations for nefarious means.
Related: Best iPhone 2019
It’s pretty bad news for WhatsApp users, but luckily a fix was pushed on Friday. To seal up the vulnerability, users are being told to update their WhatsApp install. This is easy to do, just head to your app dispensary of choice and hit the update button.
Some 1.5 billion people use WhatsApp around the globe. In a statement, WhatsApp said: “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.”
It’s not yet clear how many people were affected, although a UK-based human rights lawyer was reported to have been attacked by Pegasus according to security researchers at Citizens Lab. This attack was blocked by WhatsApp, after the security hole was closed up with the Friday patch.
So, update your WhatsApp. Right now.