0-day vulnerability in WhatsApp

WhatsApp (owned by Facebook) has released an update that patches the vulnerability that allowed attackers to install malicious software.

While WhatsApp is end-to-end encrypted, an attacker could access messages by infecting an end device (phone) on which messages are normally visible.

In addition, the attacker did not have to rely on a user mistake (such as clicking a link or opening an attachment): the software was installed after the attacker started a WhatsApp call. The user did not even have to accept the call, because the call itself already carried the malicious code.
The call record could then be erased so that the user would not normally be able to determine whether he / she had been the victim of such an attack.
As mentioned above, the bug is already fixed, so it is highly recommended to upgrade to the latest version of WhatsApp.
Or just switch to the safer Signal Messenger 🙂

Vulnerable Versions:

Android: v2.19.134 and lower, WhatsApp Business v2.19.44 and lower
iOS: v2.19.51 and lower, WhatsApp Business v2.19.51 and lower
Windows Phone: v2.18.348 and lower
Tizen: v2.18.15 and lower
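
To check a device inventory against the list above, the following added example (not part of the original post) classifies each installed client. The thresholds are the "and lower" versions listed above; the inventory layout, device names and sample rows are constructed for illustration.

```python
import re

# Highest vulnerable version per (platform, edition), taken from the list above.
LAST_VULNERABLE = {
    ("android", "whatsapp"): (2, 19, 134),
    ("android", "business"): (2, 19, 44),
    ("ios", "whatsapp"): (2, 19, 51),
    ("ios", "business"): (2, 19, 51),
    ("windows phone", "whatsapp"): (2, 18, 348),
    ("tizen", "whatsapp"): (2, 18, 15),
}

def parse_version(text):
    """Turn 'v2.19.134' or '2.19.134' into (2, 19, 134); raise on anything else."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def classify(platform, edition, version):
    """Return 'vulnerable', 'patched' or 'unknown' for one installed client."""
    limit = LAST_VULNERABLE.get((platform.strip().lower(), edition.strip().lower()))
    if limit is None:
        return "unknown"          # platform/edition not covered by the list
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"          # treat unparsable versions as needing manual review
    # Compare numerically, component by component: as plain strings,
    # "2.19.98" would sort above "2.19.134" and be reported as patched.
    width = max(len(installed), len(limit))
    pad = lambda v: v + (0,) * (width - len(v))
    return "vulnerable" if pad(installed) <= pad(limit) else "patched"

def audit(inventory):
    """inventory: iterable of (device, platform, edition, version) rows."""
    return [(dev, classify(plat, ed, ver)) for dev, plat, ed, ver in inventory]

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = [
    ("phone-01", "Android", "WhatsApp", "2.19.98"),
    ("phone-02", "Android", "WhatsApp", "v2.19.150"),
    ("phone-03", "iOS", "Business", "2.19.51"),
    ("phone-04", "Tizen", "WhatsApp", "2.18.9"),
    ("phone-05", "Android", "Business", "unknown-build"),
]

if __name__ == "__main__":
    for device, status in audit(SAMPLE):
        print(f"{device}: {status}")
```

Rows reported as "unknown" need manual review rather than being assumed safe.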

How to update WhatsApp?

Android:

  • Open Google Play
  • Open the menu in the upper left
  • Open My Apps and Games
  • If WhatsApp was not updated automatically, an “Update” button is available. Otherwise there is no update option and only the “Open” button is shown.

iOS:

  • Open the App Store
  • Click “Update” at the bottom of the display
  • If WhatsApp was not updated automatically, an “Update” button is available. Otherwise there is no update option and only the “Open” button is shown.

Milan

My name is Milan Půlkrábek. I remember computers without the internet, the Internet without Google, and mobile communication without encryption. I have more than twenty years of professional experience in IT, and I lecture and write articles about IT security, cryptocurrencies and new technologies. Since 2014 I have been part of the non-profit organization Paralelní Polis in Prague.