Using whatsapp without a phone is very simple, use the virtual numbers on the SIMonline website.
The bug, tracked as CVE-2019-3568, was described by Facebook as a buffer overflow in the WhatsApp VOIP stack. The security hole allows an attacker to remotely execute arbitrary code by sending specially crafted SRTCP packets to the target phone number.
Facebook fixed the vulnerability by releasing WhatsApp for Android 2.19.134, WhatsApp Business for Android 2.19.44, WhatsApp for iOS 2.19.51, WhatsApp Business for iOS 2.19.51, WhatsApp for Windows Phone 2.18.348 and WhatsApp for Tizen 2.18.15. On Friday, May 17, a server-side patch was implemented.
The FT reported that exploitation involves calling the target device via WhatsApp, but the victim does not need to be responsible for the vulnerability, and incoming calls are said to have disappeared from the logs.
WhatsApp did not name the object using CVE-2019-3568, but described it as an “advanced cyber subject” aimed at “a certain number of users.”
“Reportedly, this attack has all the hallmarks of a private company that works with governments to supply spyware that takes over the functions of mobile phone operating systems,” WhatsApp said.
