WhatsApp 0-Day Flaw install spyware on phones

  • CERT Admin
  • Thu May 14 2020
  • Alerts

Systems Affected 

     ✦  WhatsApp version prior to V2.19.134
    ✦  WhatsApp Business for android prior to V2.19.44
    ✦  WhatsApp iOS version prior to V2.19.51
    ✦  WhatsAPP Business for iOS prior to V2.19.51
    ✦  WhatsAPP windows phones prior to V2.18.348
    ✦  WhatsAPP for Tizen prior to V2.18.15

Threat Level

High

Overview 

CVE-2019-3568 - Attackers could remotely install surveillance malware on smartphones by simply calling the targeted phone.

Description 

According to the Facebook buffer overflow vulnerability resides on WhatsApp VOIP (Voice Over IP) stack allows attackers to execute arbitrary code on the targeted phones by sending a crafted series of SRTCP (Secure Real-time Transport Protocol) packets.

Successful attack will install spyware and steal data from Android or iPhone mobile phones by placing a WhatsApp call even when the call is in not answered. Spyware itself will erases the incoming call information from the logs to operate stealthy.

Impact 

  ✦  Stealing sensitive information from the tricked user.
  ✦  Remote Code execution.

Solution/ Workarounds 

  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.

References 

  ✦  https://thehackernews.com/2019/05/hack-whatsapp-vulnerability.html

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind.
 

Last updated: Thu May 14 2020