A small advisory on the Facebook site sin’t something you’d perhaps take notice, but the vulnerability allowing remote code execution via WhatsApp VOIP stack is something a lot more people should be aware of.
What’s good is the fact that the WhatsApp application is updated regularly, and I mean very regularly. The problem, therefore, has been fixed – but only for those who have chosen to update in the last few hours or so.
For me, I wake up to a host of “Updated application” messages and my phone updates all the apps nightly, but any Android version older than v2.19.134 is impacted with this quite significant vulnerability. That version, by the way, was released yesterday…
If you’ve got these other versions, or a version lower than the one listed here, you need to update…
WhatsApp Business for Android: v2.19.44
iOS: v2.19.51
Business for iOS: v2.19.51
Tizen: v2.18.15
Windows Phone: v2.18.348
Get updating now, because the vulnerability (more details here) can allow spyware to be injected into your phone via a simple call, even if you don’t answer.