WhatsApp patched two vulnerabilities that could be exploited by an attacker as a first step to installing smartphone malware on Android or Apple devices.
The Meta-owned chat app loaded onto nine out of every 10 smartphones in much of Latin America and with comparably high rates of penetration in many European and African countries disclosed the vulnerabilities and the patch on Monday. None of the vulnerabilities appear to have been exploited in the wild, says cybersecurity firm Malwarebytes.
Each vulnerability was closed by updated versions of the app that downloaded onto the smartphones of most users, or at least the phones of users who haven’t turned off the typical smartphone’s default setting of automatic app updates.
WhatsApp vulnerabilities can be highly valuable to malicious actors. Chat apps have been exploited to install malware on the smartphones of journalists, activists and politicians. Meta in 2019 filed a lawsuit against advanced spyware firm NSO Group for infecting its customers’ phones with Pegasus spyware.
