• WhatsApp spyware vulnerability

    Home » Forums » Newsletter and Homepage topics » WhatsApp spyware vulnerability

    • This topic has 10 replies, 7 voices, and was last updated 3 years ago.
    Author
    Topic
    #1618270

    WhatsApp users are being urged to update their apps, to address a vulnerability discovered recently. If you have family members using this platform, I
    [See the full post at: WhatsApp spyware vulnerability]

    4 users thanked author for this post.
    Viewing 4 reply threads
    Author
    Replies
    • #1618456

      Facebook = /facepalm
      ‘Pegasus’ spyware: aptly named trojan horse that flew off with your data.

      NSO limits sales of its spyware, Pegasus, to state intelligence agencies

      I’ll bet users of WhatsApp are comforted at that news..

      "-rw-rw-rw-" extreme computing
      1 user thanked author for this post.
      • #1620292

        Apps are great to have when they complement the existing, but when they bring together multiple features for easier operation that’s when I steer clear.

        Win7 Home x64 MacOS Chromebook

    • #1619231

      It’s a little more complex than that. Ends up that this vulnerability was used to attack the phone of a human rights attorney. It’s not widespread, but it is disconcerting.

      WhatsApp should be updating itself automatically, but if you’re very concerned, you can check manually:

      On an iPhone:
      — Open the App Store and select updates.
      — Select “WhatsApp” and Update.
      On Android:
      — Open the Play Store and tap on the 3 lines in the upper left corner.
      — Select “My apps & games”.
      — Select “WhatsApp” and Update.

      1 user thanked author for this post.
    • #1619298

      This also affects PC Windows/ Mac versions as well as windows phones.

      "-rw-rw-rw-" extreme computing
      1 user thanked author for this post.
      • #1620242

        This also affects PC Windows/ Mac versions as well as windows phones.

        Any source for the PC Windows/Mac info?

        More than 80 sites report that it only affects phones:

        WhatsApp for Android prior to v2.19.134
        WhatsApp Business for Android prior to v2.19.44
        WhatsApp for iOS prior to v2.19.51
        WhatsApp Business for iOS prior to v2.19.51
        WhatsApp for Windows Phone prior to v2.18.348
        WhatsApp for Tizen prior to v2.18.15

        https://www.facebook.com/security/advisories/cve-2019-3568

        Windows 10 Pro version 21H2 build 19044.1682 + Microsoft 365 (group ASAP)

        2 users thanked author for this post.
        • #1620536

          @b my bad, misread (now corrected in previous post) 🙂

          How do the people know if they are infected with spyware or not?
          How does one know if the spyware is off their device after the update?
          I guess we’ll soon find out..

          "-rw-rw-rw-" extreme computing
          1 user thanked author for this post.
        • #1621031

          When all our devices can communicate, whether it be an app originally on a phone or a Mac or PC, there’s the possibility it can infect another system on the same network. So you’re basically correct in your initial post, taking into account the way our machines speak with each other.

          Win7 Home x64 MacOS Chromebook

    • #1620010

      Win7 Home x64 MacOS Chromebook

      1 user thanked author for this post.
    • #1621130

      According to The Verge,

      A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number

      Shouldn’t buffer overflows be a basic thing detected on everyday automated testing, or not testing basic stuff at all is the new trend from multi-gazillion IT corporations?

      • #1625963

        In theory, yes…

        In practice, it’s often nontrivial and corner cases can be quite obscure – especially when it’s for an encrypted near-realtime protocol that supports rekeying, which is what SRTCP is.

    Viewing 4 reply threads
    Reply To: WhatsApp spyware vulnerability

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.