Muscat: WhatsApp on Monday published a security advisory in which it confirmed that hackers were able to exploit a vulnerability in its calling stack and target a select number of users.
It urged users to upgrade their app with a patch it released last Friday to plug the security leak.
The app, owned by Facebook, has around 1.5 billion users and the vulnerability affected certain WhatsApp users on Android, iOS and Windows phones as well, the company said.
According to reports, the security gap left hackers with the ability to call the targets phone and install a monitoring software even without the person on the other end accepting the call.
"The attack has all the hallmarks of a private company that reportedly works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note to the BBC.
The security advisory further listed the flaw as “A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.”
Multiple news reports mentioned the possible involvement of the NSO Group, a company which markets Pegasus, its flagship product which has the ability to target a device and collect data, including microphone and camera based information.
However, the company in a statement said that its technology was licensed only to authorised government agencies for the sole purpose of fighting crime and terror.