WhatsApp has issued an urgent update after uncovering a serious security problem with the messaging app on iPhones and Mac devices.
The issue allows hackers to target WhatsApp users through what is known as a “zero-click” vulnerability. This means people can be exposed to the attack without even clicking on a link or downloading a file.
Some users may have already been exploited in a sophisticated attack, WhatsApp revealed in a security advisory, though no specific details were given.
The Independent has reached out to WhatsApp for further information.
The world’s most popular messaging platform said the security flaw impacted WhatsApp for iOS, WhatsApp Business for iOS and WhatsApp for Mac.
The vulnerability “could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device”, the company said.
Apple has already released a patch to protect impacted devices, while WhatsApp is also rolling out an update that will make it impossible for cyber criminals to take advantage of the issue.
Security experts warned that the popularity of Apple devices among senior executives, combined with the reach of WhatsApp – an estimated 3 billion people use the app – make them prime targets for hackers.
“Attackers know that if they can find a way in, the payoff is huge,” Adam Boynton, a senior security strategy manager at Apple device management firm Jamf, told The Independent.
“It is why we see significant investment from adversaries in uncovering zero-click vulnerabilities like this one.
“The objective is rarely just the initial compromise. Exploits of this kind are often a launchpad for extracting sensitive data, harvesting credentials, eavesdropping on conversations, or even staging a ransomware attack further down the line.”
WhatsApp users on iPhones or Macs are advised to update the chat app to the latest version in order to protect against potential hacks.
Android users are also advised to enable automatic updates to benefit from future security fixes.
