ngCERT-2019-0010: ngCERT Advisory on WhatsApp zero-day vulnerability
WhatsApp discovered what it described as abnormal voice calling activity on their systems. Digital attackers could use the vulnerability to insert malicious code and steal data from an Android phone or an iPhone simply by placing a WhatsApp call, even if the victim did not pick up the call. It was also reported that exploitation involves calling the targeted device via WhatsApp, but the victim does not need to answer the call for the vulnerability to be triggered, and the incoming calls are said to have disappeared from logs.
WhatsApp encourages people to upgrade to the latest version of the app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices.