Social media giants Facebook (owners of popular messaging app, WhatsApp) have recently issued an advisory statement recommending all users to update to the latest version of WhatsApp to protect against a vulnerability that was recently discovered.
This defect would have allowed hackers to target users who have older versions of WhatsApp installed in order to try and gain access to sensitive data, and in some cases, for surveillance purposes.
The vulnerability – listed as CVE-2019-11931 – allowed hackers to remotely install malicious software onto a device via a purpose-built .mp4 file (a common format used for video). On top of that, they were able to do this without any detection or intervention from in-built security features designed to prevent this type of attack.
This news comes just days after WhatsApp reported an attack where another vulnerability was abused in order to spy on over 1,400 people across multiple countries. Most of the victims were journalists, activists, academics and lawyers based in India and were targeted using software called ‘Pegasus’ from Israeli security company, ‘NSO Group’.
As a result of their actions, Facebook are now suing NSO Group over the exploitation of the bug in the messaging app’s video-call feature.
When a journalist reached out to Facebook, a spokesperson replied:
“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted.” – Source: thenextweb.com
So, whilst there’s no indication that this bug has been taken advantage of by hackers, Certo recommends that you ensure that all the apps on your device are updated. This will ensure that you are protected from the latest security threats, as most developers continually monitor and insulate you and your data from cyber-attacks.
Facebook has stated that this flaw was only found in versions older than Android 2.19.274 and iOS 2.19.100. Business for Android versions older than 2.19.104, Business for iOS version 2.19.100 and finally, Windows phone versions before and including 2.18.368 were also found to contain the exploit.
If you are currently running any of the above versions of WhatsApp, you should update the app on all of your devices as soon as possible to avoid becoming a victim and risking your device’s security.