Recently Whattsap suffered from a Buffer Over Flow zero Day bug which was exploited by Israeli Company NSO Group which is well known in creating advanced Zero Days Exploits. NSO Group found this bug and installed Pegasus Spyware on various Android and IOS Devices for surveillance Purpose.
Whattspp has patched the Vulnerability on Same day when it was discovered.
How this (CVE-2019-3568) Bug Works ?
Attacker Sends a specially crafted series of SRTCP packet to victim phone and target phone’s Wattsapp VOIP stack buffer overflow vulnerability allow attacker to install “Pegasus Spyware” on the target phone by just placing a whatsapp audio and video call. After the malware is installed on phone malware takes control of the phone like your contacts, messages,calls list, camera, photographs,private chats and etc. This Bug is Discovered by Israeli Company NSO Group who works with Intellegence companies for surveillance related matters.
Pegasus spyware is been used to hack journalists, lawyers, and other high profile Politicians.
Facebook came up with a
Official Advisory by Facebook
Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed
“Facebook have not reveled the exact number of Users which were affected by this Attack.”