Security Alert (A19-05-06): Vulnerability in WhatsApp leading to spyware attacks on mobile devices


 

Published on: 14 May 2019

  
  

Description:

A security vulnerability has been identified in WhatsApp which would allow a remote attacker to install malicious code such as spyware, on a targeted mobile device by making a WhatsApp call. The attack could still succeed even if the call is not answered.

 

Affected Systems:

  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp for Android prior to v2.19.134
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp Business for iOS prior to v2.19.51

 

Impact:

A successful exploitation of the vulnerability could lead to arbitrary code execution and information disclosure on affected systems.

 

Recommendation:

Users of affected systems should update WhatsApp to the latest version offered by the official app stores to address the issue.

 

More Information:

https://www.facebook.com/security/advisories/cve-2019-3568
https://www.hkcert.org/my_url/en/alert/19051402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3568

 



Tag: WhatsApp
Tags