Google security researcher Natalie Silvanovich found the exploit in late August, but it's only being widely disclosed now that there's a fix in place. WhatsApp patched the flaws on September 28th for Android users and October 3rd for iOS.

A spokesperson for WhatsApp told ZDNet there was no evidence the exploit had been used in the wild, and that it "cares deeply" about user security. Still, it adds to some ongoing concerns around WhatsApp in recent weeks. Israel's online intelligence agency recently warned about a widely used account hijacking method that took advantage of improperly secured voicemail inboxes. This doesn't mean that WhatsApp is uniquely vulnerable. It does, however, suggest that users will want to be extra-vigilant, both in locking down their account info and refusing to accept calls from strangers.