Description:
A security vulnerability has been identified in WhatsApp which would allow a remote attacker to install malicious code such as spyware, on a targeted mobile device by making a WhatsApp call. The attack could still succeed even if the call is not answered.
Affected Systems:
- WhatsApp for iOS prior to v2.19.51
- WhatsApp for Android prior to v2.19.134
- WhatsApp for Windows Phone prior to v2.18.348
- WhatsApp for Tizen prior to v2.18.15
- WhatsApp Business for Android prior to v2.19.44
- WhatsApp Business for iOS prior to v2.19.51
Impact:
A successful exploitation of the vulnerability could lead to arbitrary code execution and information disclosure on affected systems.
Recommendation:
Users of affected systems should update WhatsApp to the latest version offered by the official app stores to address the issue.
More Information:
https://www.facebook.com/security/advisories/cve-2019-3568
https://www.hkcert.org/my_url/en/alert/19051402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3568
