Subj : WhatsApp patches security flaw which let hackers install spyware
To   : All
From : TechnologyDaily
Date : Thu Mar 20 2025 14:15:09

Date: Thu, 20 Mar 2025 14:08:00 +0000
Description: Zero-click zero-day was allegedly being used by multiple nation-states against journalists and other high-profile targets.

FULL STORY
======================================================================

- WhatsApp patches vulnerability used to deploy Graphite
- Graphite is a commercial spyware built by Israeli devs Paragon
- Around 90 people were targeted, WhatsApp said

WhatsApp says it has fixed a zero-day vulnerability which was apparently used by nation-states to spy on journalists, dissidents, political opponents, and others.

After being tipped off by security researchers from Citizen Lab, WhatsApp addressed a bug which allowed threat actors to deploy Graphite, a sophisticated spyware tool developed by the Israeli company Paragon Solutions. Graphite was deployed in a zero-click attack, meaning no interaction from the victim was required.

"WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users including journalists and members of civil society. We've reached out directly to people who we believe were affected," a WhatsApp spokesperson told BleepingComputer. "This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people's ability to communicate privately."

A CVE was not assigned to the vulnerability.

WhatsApp further said it notified some 90 people, located in more than two dozen countries, including Italian journalists and activists.

In theory, the attack was very simple. After obtaining their targets' phone numbers, the threat actors would add them to a WhatsApp group, before sending a weaponized PDF. Since the device automatically processes PDF files, the endpoint gets compromised without any action from the user. The next step is to escape the Android sandbox and install the spyware, which grants the attackers access to the device's messaging applications.

Citizen Lab was analyzing Graphite's infrastructure and found potential links to multiple government customers, including Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

Governments in Europe and the United States have been quite vocal in their opposition to commercial spyware. In February 2022, the European Data Protection Supervisor (EDPS) recommended banning the use of Pegasus spyware within the EU, citing concerns over fundamental rights and freedoms. The Pegasus developer, NSO Group, was blacklisted in the United States on November 3, 2021.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/whatsapp-patches-security-flaw-which-let-hackers-install-spyware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)