Behind a paywall, here’s another article:
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp said.
How dare they install spyware using Facebook’s spyware!
This is not only a bug in WhatsApp, it also exposes a flaw with iOS sandboxing. No user installed app should be able to install (presumably unsigned) packages that are not part of the AppStore approved installer.
Any attempt to start an installation should also trigger a user confirmation dialog box, right?