Security News on WhatsApp Buffer Overview Vulnerability
On May 14, 2019, a buffer overflow vulnerability was identified in WhatsApp.
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error within the WhatsApp VOIP stack when processing SRTCP packets. A remote attacker can send a series of specially crafted SRTCP packets sent to a target phone number, trigger buffer overflow and execute arbitrary code on the target device. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Notes: This vulnerability CVE-2019-3568 is being actively exploited in the wild.
System / Technologies Affected:
The vulnerability affects the following software:
- WhatsApp for Android: versions prior to 2.19.134
- WhatsApp Business for Android: versions prior to 2.19.44
- WhatsApp for iOS: versions prior to 2.19.51
- WhatsApp Business for iOS: versions prior to 2.19.51
- WhatsApp for Windows Phone: versions prior to prior to 2.18.348
- WhatsApp for Tizen: versions prior to v2.18.15
To fix the vulnerability, users should install the latest software version issued by the vendor:
WhatsApp for Android
WhatsApp Business for Android
WhatsApp for iOS
WhatsApp Business for iOS
WhatsApp for Windows Phone
If you will need more information or any help of our GTI Security Consultants, please contact us at email@example.com or 2881 4800.