Facebook has recently patched a critical zero-day exploit in WhatsApp, WhatsApp is urging users to update as soon as possible because hackers are able to exploit you remotely to install spyware on phones by calling the targeted device.
WhatsApp did not name the threat actor exploiting the CVE-2019-3568, it described the attackers as an “advanced cyber actor” that targeted “a select number of users.”
A WhatsApp advisory confirmed Monday that the flaw – now patched – is a
WhatsApp buffer overflow vulnerability in WhatsApp’s VOIP stack, which allows remote code execution via specially crafted series of SRTCP [Secure Real Time Transport Protocol] packets sent to a target phone number.
“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.” details provided by Facebook.
Facebook however did fix the issue with the release of WhatsApp for Android 2.19.134, WhatsApp Business for Android 2.19.44, WhatsApp for iOS 2.19.51, WhatsApp Business for iOS 2.19.51, WhatsApp for Windows Phone 2.18.348, and WhatsApp for Tizen 2.18.15. Any prior version of the popular instant messaging app is vulnerable. The company also implemented a server-side patch that was deployed at the end of last week.
Make sure you go into your app stores and install the latest update.
- Barracuda urges customers to replace Email Security Gateway
- Zero-day vulnerability in the MOVEit file transfer application
- Critical Jetpack Plugin Flaw Addressed in Urgent WordPress Update for Millions of Sites
- Vulnerability With Arris Routers
- Is Your Microsoft Exchange Server Vulnerable to ProxyNotShell Flaw?