A vulnerability in the messaging app WhatsApp has allowed attackers to inject commercial spyware on to iPhone and Android phones just by calling them. This vulnerability in WhatsApp is being exploited by the company NSO Group as part of a package that they sell to governments to allow them to spy on their citizens and others.
Commentary: This event highlights how difficult it is to tell the white hats from the black hats in the cyber world. Even though the exploit is being sold to governments, there is no telling how governments will use it. Likewise, any vulnerability that can be exploit by “the good guys” can just as easily be exploited by criminals. All vulnerabilities are bad, should be publicly published and fixed as soon as possible by the responsible parties. There are no “good” vulnerabilities.
Since the WhatsApp app has been patched for this vulnerability, now would be a good time to make sure that you are running the latest version on your phone.