Summary: WhatsApp has patched a zero-click vulnerability exploited by Paragonβs Graphite spyware, which targeted journalists and civil society members. The company notified 90 affected Android users globally and emphasized the importance of holding spyware companies accountable. This incident highlights the ongoing challenges in ensuring digital privacy amidst advanced surveillance technologies.
Affected: WhatsApp, Android users globally
Keypoints :
- WhatsApp addressed the vulnerability without a client-side fix and chose not to assign a CVE-ID.
- The spyware campaign utilized a zero-click exploit that infected devices by processing a PDF sent in a WhatsApp group.
- Citizen Lab identified potential government links to Paragon, underscoring concerns about spyware use by law enforcement agencies.