So after reading a lot of blogs
I concluded that Pegasus is just a spyware which has some cool features.
Apart from Pegasus,
Meterpreter payload, any other keylogger , rat, or any other malicious piece of code can be used to make control on victim mobile
We usually use social engineering techniques to trick victim to install these malicious software on there system/phone
BUT this latest WhatsApp vulnerability enables a hacker to install/run piece of code without victim interaction
Buffer overflow vulnerability in VoIP stack can be exploited by sending crafted SRTCP packets to victim phone which leads to new vulnerability,
THE most dangerous vuln. I.e. RCE (remote code execution)
The only barrier to perform this attack is that we don’t know how these specially crafted SRTCP packet look like.
Without that info we can’t code our exploit
Or one must know deep knowledge of VOIP, and it’s protocol like SIP, SRCTCP, etc
Hope researcher release a exploit soon