Originally Posted by
wco81
Already updated.
I've not used WA for voice that much.
The vulnerability (CVE-2019-3568) has been around for at least months (possibly longer) and does not require the recipient to do anything other than receive (not necessarily answer) a voice call. The record of a missed call can be erased if the attack is successful.
From a security perspective, this kind of vulnerability is as serious as it gets. No interaction from the target and arbitrary code can be executed on the target device. And there is evidence it has been exploited for some time in the wild.
That’s one reason why my security-conscious and paranoid friends are not using WhatsApp. Was it deliberate or a mistake? A closed code base means it isn’t open for public review so no one can say.
I’m not saying I agree with them or their compromises. But it’s hard to argue today.