Here is the news for all the WhatsApp users. A flaw had been detected in the application that allows hackers to compromised device. The hackers used an advanced spyware developed by Israeli company NSO group to cause the infection.
The flaw was firstly detected by Financial Times. It was tracked under CVE-2019-3568, which is a buffer overflow in the WhatsApp VOID stack. Due to this help, the remote code execution via specially crafted series of SRTCP packets are sent to a target a target phone number. The vulnerability under it was discovered at beginning of this month when company was busy working for security improvements.
Following had major impact due to the vulnerability CVE-2019-3568 in WhatsApp:
- WhatsApp for Android prior to v2.19.134,
- WhatsApp Business for Android prior to v2.19.44,
- WhatsApp for iOS prior to v2.19.51,
- WhatsApp Business for iOS prior to v2.19.51,
- WhatsApp for Windows Phone prior to v2.18.348,
- And, WhatsApp for Tizen prior to v2.18.15.
Hackers exploited the target by making a call via WhatsApp calling function. Fortunately, the flaw was fixed last Friday.
About NSO Group
It is the company that design Pegasus virus, an advanced spyware which allows the hackers to go through the private messages, turn the camera and microphone on, and collect the personal and sensitive information.
Pegasus virus is delivered through a spam email campaign in which the recipients are tricked into believing that their devices were infected with it and thus they need to take tech support to avoid major risks, said ArsTechnica. The representative added,
“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,”
The vulnerability CVE-2019-3568 in WhatsApp has been fixed
Vulnerability has been fixed already. WhatsApp has reported the attack to US law enforcement to help them with the investigation. According to the NSO Group, the company is now facing the challenges in the Court of Israeli for its ability to export its spyware.