Security News on WhatsApp Buffer Overview Vulnerability
On May 14, 2019, a buffer overflow vulnerability was identified in WhatsApp.
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error within the WhatsApp VOIP stack when processing SRTCP packets. A remote attacker can send a series of specially crafted SRTCP packets sent to a target phone number, trigger buffer overflow and execute arbitrary code on the target device. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Notes: This vulnerability CVE-2019-3568 is being actively exploited in the wild.
System / Technologies Affected:
The vulnerability affects the following software:
- WhatsApp for Android: versions prior to 2.19.134
- WhatsApp Business for Android: versions prior to 2.19.44
- WhatsApp for iOS: versions prior to 2.19.51
- WhatsApp Business for iOS: versions prior to 2.19.51
- WhatsApp for Windows Phone: versions prior to prior to 2.18.348
- WhatsApp for Tizen: versions prior to v2.18.15
Solutions:
To fix the vulnerability, users should install the latest software version issued by the vendor:
WhatsApp for Android
WhatsApp Business for Android
WhatsApp for iOS
WhatsApp Business for iOS
WhatsApp for Windows Phone
Related Links:
If you will need more information or any help of our GTI Security Consultants, please contact us at inquiry@gti.com.hk or 2881 4800.