[SingCERT] Alert on Exploit Targeting WhatsApp Vulnerability Discovered (CVE-2019-3568)

Published on Tuesday, 14 May 2019 15:30

Background

Security researchers discovered a Remote Code Execution (RCE) vulnerability on WhatsApp, which can be exploited by sending malicious codes to targeted phone numbers. Attackers could exploit the vulnerability by using the WhatsApp calling function to call a targeted user's mobile phone and remotely install surveillance software on the device.


Affected Software

WhatsApp for Android prior to v2.19.134
WhatsApp Business for Android prior to v2.19.44
WhatsApp for iOS prior to v2.19.51
WhatsApp Business for iOS prior to v2.19.51
WhatsApp for Windows Phone prior to v2.18.348
WhatsApp for Tizen prior to v2.18.15


Recommendations

Users are advised to upgrade to the latest version of WhatsApp as soon as possible.

This can be done by updating the app through Google Play or the App Store.


For more information, please refer to the following resources:
https://arstechnica.com/information-technology/2019/05/whatsapp-vulnerability-exploited-to-infect-phones-with-israeli-spyware/
https://www.facebook.com/security/advisories/cve-2019-3568