News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • WhatsApp spyware vulnerability

    Home Forums AskWoody blog WhatsApp spyware vulnerability

    Tagged: ,

    This topic contains 10 replies, has 7 voices, and was last updated by

     mn– 1 month ago.

    • Author
      Posts
    • #1618270 Reply

      Kirsty
      Da Boss

      WhatsApp users are being urged to update their apps, to address a vulnerability discovered recently. If you have family members using this platform, I
      [See the full post at: WhatsApp spyware vulnerability]

      4 users thanked author for this post.
    • #1618456 Reply

      Microfix
      Da Boss

      Facebook = /facepalm
      ‘Pegasus’ spyware: aptly named trojan horse that flew off with your data.

      NSO limits sales of its spyware, Pegasus, to state intelligence agencies

      I’ll bet users of WhatsApp are comforted at that news..

      ********** Peng/Wins x86/x64 **********

      - µfix

      1 user thanked author for this post.
      • #1620292 Reply

        willygirl
        AskWoody Plus

        Apps are great to have when they complement the existing, but when they bring together multiple features for easier operation that’s when I steer clear.

        Win7 SP1 Home 64-bit; Office 2010; GrpA/B, when all is said, done and fixed, Mac OSX to help me sleep at night.

    • #1619231 Reply

      woody
      Da Boss

      It’s a little more complex than that. Ends up that this vulnerability was used to attack the phone of a human rights attorney. It’s not widespread, but it is disconcerting.

      WhatsApp should be updating itself automatically, but if you’re very concerned, you can check manually:

      On an iPhone:
      — Open the App Store and select updates.
      — Select “WhatsApp” and Update.
      On Android:
      — Open the Play Store and tap on the 3 lines in the upper left corner.
      — Select “My apps & games”.
      — Select “WhatsApp” and Update.

      1 user thanked author for this post.
    • #1619298 Reply

      Microfix
      Da Boss

      This also affects PC Windows/ Mac versions as well as windows phones.

      ********** Peng/Wins x86/x64 **********

      - µfix

      1 user thanked author for this post.
      • #1620242 Reply

        b
        AskWoody Plus

        This also affects PC Windows/ Mac versions as well as windows phones.

        Any source for the PC Windows/Mac info?

        More than 80 sites report that it only affects phones:

        WhatsApp for Android prior to v2.19.134
        WhatsApp Business for Android prior to v2.19.44
        WhatsApp for iOS prior to v2.19.51
        WhatsApp Business for iOS prior to v2.19.51
        WhatsApp for Windows Phone prior to v2.18.348
        WhatsApp for Tizen prior to v2.18.15

        https://www.facebook.com/security/advisories/cve-2019-3568

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/ignorant Toxic drinker Blockhead Unwashed mass Seeker/"Sucker" (Group ASAP) Win10 v.1903

        2 users thanked author for this post.
        • #1620536 Reply

          Microfix
          Da Boss

          @b my bad, misread (now corrected in previous post) 🙂

          How do the people know if they are infected with spyware or not?
          How does one know if the spyware is off their device after the update?
          I guess we’ll soon find out..

          ********** Peng/Wins x86/x64 **********

          - µfix

          1 user thanked author for this post.
          • #1621031 Reply

            willygirl
            AskWoody Plus

            When all our devices can communicate, whether it be an app originally on a phone or a Mac or PC, there’s the possibility it can infect another system on the same network. So you’re basically correct in your initial post, taking into account the way our machines speak with each other.

            Win7 SP1 Home 64-bit; Office 2010; GrpA/B, when all is said, done and fixed, Mac OSX to help me sleep at night.

    • #1620010 Reply

      willygirl
      AskWoody Plus

      Here’s a link from The Verge … https://www.theverge.com/2019/5/14/18622744/whatsapp-spyware-nso-pegasus-vulnerability

      Win7 SP1 Home 64-bit; Office 2010; GrpA/B, when all is said, done and fixed, Mac OSX to help me sleep at night.

      1 user thanked author for this post.
    • #1621130 Reply

      anonymous

      According to The Verge,

      A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number

      Shouldn’t buffer overflows be a basic thing detected on everyday automated testing, or not testing basic stuff at all is the new trend from multi-gazillion IT corporations?

      • #1625963 Reply

        mn–
        AskWoody Lounger

        In theory, yes…

        In practice, it’s often nontrivial and corner cases can be quite obscure – especially when it’s for an encrypted near-realtime protocol that supports rekeying, which is what SRTCP is.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: WhatsApp spyware vulnerability

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.