Without attracting too much attention, the company Facebook has fixed the vulnerability in the popular WhatsApp messenger, providing the ability to remotely compromise the target device and steal data stored on it is protected information.
The problem that received the identifier CVE-2019-11931, is a buffer overrun vulnerability associated with an implemented in previous versions of WhatsApp, the mechanism of parsing the metadata stream MP4 file that could lead to the possibility of failure or remote code execution.
To remember proekspluatirovat problem is quite simple. To do this, the attacker would need to find out the phone number of the victim and send her on WhatsApp specially sformirovannye file in MP4 format which can be used to covertly install a backdoor or spyware onto the device.
The vulnerability affects both consumer and corporate versions of WhatsApp for all major platforms, including Google Android, Apple iOS and Microsoft Windows. According to the warning Facebook the vulnerability is contained in the following versions:
Android version to 2.19.274;
the iOS version under 2.19.100;
Versions Enterprise Client to 2.25.3;
The Windows Phone version under and including 2.18.368;
Business version for Android to 2.19.104;
Business version for iOS versions up to 2.19.100.
As representatives of WhatsApp, the use cases “svezheokrashennoj” vulnerabilities in targeted attacks is not fixed.
The nature of the vulnerabilities is similar to the issue CVE-2019-3568, as amended by the engineers of Facebook in may of this year. This vulnerability also allowed to set the program to spy on users and, moreover, have been successfully used in real attacks to install spyware Pegasus production of the Israeli company NSO Group. At the end of October this year, the company WhatsApp has filed a lawsuit against the NSO Group, accusing it of aiding government intelligence agencies of hacking into the phones of about 1.4 thousand users worldwide, including diplomats, opposition figures, journalists and senior officials.
Read more •••
Video of the day. Experimental drone “Orion” fell near a residential house