On May 14, 2019, WhatsApp has announced a vulnerability that could be used to target selected WhatsApp users. The National Cyber Coordination and Command Centre (NC4) would like to advise all Malaysian WhatsApp users to update their WhatsApp application to the latest version as recommended by WhatsApp to mitigate this issue.
WhatsApp has recently released a statement of a security flaw found in their mobile application, which allows attackers to inject spyware into targets' smartphones through a WhatsApp phone call to the target's number. It does not require the target to pick up the phone call for it to be infected. A successful attacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a device and could potentially further compromise the target's device. Call logs can also be altered to hide the method of infection.
The vulnerability, which has been classified as CVE-2019-3568, is a buffer overflow vulnerability in WhatsApp VOIP stack allows remote code execution via specially crafted series of SRTCP packets sent to a target phone number. WhatsApp has released the latest update of the mobile applications on May 14, 2019 to fix this vulnerability.
iOS and Android platform and affecting the following version of WhatsApp:
NC4 advises everyone who uses the WhatsApp to take the following actions: