Back

WhatsApp Spyware Exploit via Phone Calls Poses Serious Threat

Severity: High (Score: 72.0)

Sources: Blog.Intramind-Srl, Adaderana.Lk

Published: 2026-06-10 · Updated: 2026-06-10

Keywords: spyware, whatsapp, attackers, spread, through, phone, messaging

Severity indicators: spyware

Summary

A vulnerability in WhatsApp allowed attackers to install spyware through phone calls made via the app, even if the call was not answered. This exploit, linked to a buffer-overflow vulnerability, was quickly patched by WhatsApp. The malicious code was reportedly developed by the NSO Group, known for its Pegasus spyware, which can activate device cameras and microphones. The attack primarily targets high-risk individuals such as activists and journalists, but regular users are also at risk due to the widespread nature of the vulnerability. Users are urged to update their WhatsApp applications immediately to mitigate the threat. The incident highlights the ongoing risks associated with messaging apps, which are often targeted for their sensitive data. Buffer-overflow vulnerabilities have been a concern in software development for decades, making this a significant security issue. Key Points: • WhatsApp patched a critical buffer-overflow vulnerability that allowed spyware installation. • The exploit could compromise devices without user interaction, increasing the risk for all users. • The NSO Group's Pegasus spyware was linked to this attack, targeting high-value individuals.

Detailed Analysis

**Impact** Approximately 1.5 billion WhatsApp users worldwide are potentially affected by the spyware exploit, which targets smartphones across all sectors and geographies without requiring user interaction. The attack enables unauthorized installation of surveillance software capable of activating device cameras and microphones, putting private communications, call records, photos, and authentication codes at risk. High-value targets such as journalists, activists, executives, and government officials are particularly vulnerable, though regular users face broad exposure if unpatched. **Technical Details** Attackers exploited a buffer-overflow vulnerability in WhatsApp’s VoIP phone call function, allowing spyware installation without the victim answering the call. The malicious code is linked to NSO Group’s Pegasus spyware, which enables remote activation of device sensors. The exploit occurs during the call setup phase, leveraging a programming error that overwrites memory buffers. No specific CVE identifiers or infrastructure details were disclosed in the sources. **Recommended Response** Users and organizations must immediately update WhatsApp to the latest version to apply the patch addressing the buffer-overflow vulnerability. Defenders should monitor for unusual call activity and signs of unauthorized device sensor activation. Avoid downloading WhatsApp from unofficial sources and treat all security advisories as urgent. No additional IOCs or detection signatures were provided in the articles.

Source articles (2)

  • WhatsApp: Spyware Warning You Can't Ignore — Blog.Intramind-Srl · 2026-06-09
    WhatsApp has issued an update tied to spyware prevention, reinforcing one of the most important parts of modern messaging security, keeping attackers from silently compromising devices. The latest war…
  • How attackers were able to spread spyware through WhatsApp with just a phone call — Adaderana.Lk · 2026-06-10
    Earlier this week, it was reported that a vulnerability in ’s popular WhatsApp messaging service made it possible for attackers to spread spyware to smartphones via phone calls made through the app. T…

Timeline

  • 2026-06-06 — WhatsApp vulnerability reported: A buffer-overflow vulnerability in WhatsApp was exploited to install spyware via phone calls.
  • 2026-06-09 — WhatsApp issues security update: WhatsApp released an update to address the spyware vulnerability and urged users to install it immediately.
  • 2026-06-10 — Public awareness raised: Media outlets highlighted the importance of updating WhatsApp to protect against spyware threats.

Related entities

  • Malware (Attack Type)
  • NSO Group (Company)
  • Cwe-119 - Improper Restriction Of Operations Within Memory Buffer (Cwe)
  • Morris Worm (Malware)
  • Pegasus (Malware)
  • T1203 - Exploitation for Client Execution (Mitre Attack)
  • WhatsApp (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed