Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

WhatsApp 0-Day Flaw install spyware on phones

 

Systems Affected


  ✦  WhatsApp version prior to V2.19.134
  ✦  WhatsApp Business for android prior to V2.19.44
  ✦  WhatsApp iOS version prior to V2.19.51
  ✦  WhatsAPP Business for iOS prior to V2.19.51
  ✦  WhatsAPP windows phones prior to V2.18.348
  ✦  WhatsAPP for Tizen prior to V2.18.15

Threat Level


High


Overview


CVE-2019-3568 - Attackers could remotely install surveillance malware on smartphones by simply calling the targeted phone.


Description


According to the Facebook buffer overflow vulnerability resides on WhatsApp VOIP (Voice Over IP) stack allows attackers to execute arbitrary code on the targeted phones by sending a crafted series of SRTCP (Secure Real-time Transport Protocol) packets.
Successful attack will install spyware and steal data from Android or iPhone mobile phones by placing a WhatsApp call even when the call is in not answered. Spyware itself will erases the incoming call information from the logs to operate stealthy.


Impact


  ✦  Stealing sensitive information from the tricked user.
  ✦  Remote Code execution.


Solution/ Workarounds


  ✦  Sri Lanka CERT recommends you to update and use the latest version of WhatsApp and download it from Google Playstore or Apple Appstore.


References


  ✦  https://thehackernews.com/2019/05/hack-whatsapp-vulnerability.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.