News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • WhatsApp spyware vulnerability

    Home Forums AskWoody blog WhatsApp spyware vulnerability

    Tagged: ,

    Viewing 5 reply threads
    • Author
      Posts
      • #1618270 Reply
        Kirsty
        Da Boss

        WhatsApp users are being urged to update their apps, to address a vulnerability discovered recently. If you have family members using this platform, I
        [See the full post at: WhatsApp spyware vulnerability]

        4 users thanked author for this post.
      • #1618456 Reply
        Microfix
        AskWoody MVP

        Facebook = /facepalm
        ‘Pegasus’ spyware: aptly named trojan horse that flew off with your data.

        NSO limits sales of its spyware, Pegasus, to state intelligence agencies

        I’ll bet users of WhatsApp are comforted at that news..

        | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
        1 user thanked author for this post.
        • #1620292 Reply
          Myst
          AskWoody Plus

          Apps are great to have when they complement the existing, but when they bring together multiple features for easier operation that’s when I steer clear.

          Win7 SP1 Home x64, MacOS / Chromebook

      • #1619231 Reply
        woody
        Da Boss

        It’s a little more complex than that. Ends up that this vulnerability was used to attack the phone of a human rights attorney. It’s not widespread, but it is disconcerting.

        WhatsApp should be updating itself automatically, but if you’re very concerned, you can check manually:

        On an iPhone:
        — Open the App Store and select updates.
        — Select “WhatsApp” and Update.
        On Android:
        — Open the Play Store and tap on the 3 lines in the upper left corner.
        — Select “My apps & games”.
        — Select “WhatsApp” and Update.

        1 user thanked author for this post.
      • #1619298 Reply
        Microfix
        AskWoody MVP

        This also affects PC Windows/ Mac versions as well as windows phones.

        | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
        1 user thanked author for this post.
        • #1620242 Reply
          b
          AskWoody Plus

          This also affects PC Windows/ Mac versions as well as windows phones.

          Any source for the PC Windows/Mac info?

          More than 80 sites report that it only affects phones:

          WhatsApp for Android prior to v2.19.134
          WhatsApp Business for Android prior to v2.19.44
          WhatsApp for iOS prior to v2.19.51
          WhatsApp Business for iOS prior to v2.19.51
          WhatsApp for Windows Phone prior to v2.18.348
          WhatsApp for Tizen prior to v2.18.15

          https://www.facebook.com/security/advisories/cve-2019-3568

          2 users thanked author for this post.
          • #1620536 Reply
            Microfix
            AskWoody MVP

            @b my bad, misread (now corrected in previous post) 🙂

            How do the people know if they are infected with spyware or not?
            How does one know if the spyware is off their device after the update?
            I guess we’ll soon find out..

            | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
            1 user thanked author for this post.
            • #1621031 Reply
              Myst
              AskWoody Plus

              When all our devices can communicate, whether it be an app originally on a phone or a Mac or PC, there’s the possibility it can infect another system on the same network. So you’re basically correct in your initial post, taking into account the way our machines speak with each other.

              Win7 SP1 Home x64, MacOS / Chromebook

      • #1620010 Reply
        Myst
        AskWoody Plus

        Here’s a link from The Verge … https://www.theverge.com/2019/5/14/18622744/whatsapp-spyware-nso-pegasus-vulnerability

        Win7 SP1 Home x64, MacOS / Chromebook

        1 user thanked author for this post.
      • #1621130 Reply
        anonymous
        Guest

        According to The Verge,

        A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number

        Shouldn’t buffer overflows be a basic thing detected on everyday automated testing, or not testing basic stuff at all is the new trend from multi-gazillion IT corporations?

        • #1625963 Reply
          mn–
          AskWoody Lounger

          In theory, yes…

          In practice, it’s often nontrivial and corner cases can be quite obscure – especially when it’s for an encrypted near-realtime protocol that supports rekeying, which is what SRTCP is.

    Viewing 5 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: WhatsApp spyware vulnerability

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.