Security advisories

WhatsApp Active Exploitation

May 14, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

A vulnerability in WhatsApp has been exploited in the wild prior to the releases of a recent security patch[1]. When exploited, CVE-2019-3568 allows for remote code execution without authentication or user interaction. Threat actors have been identified using this vulnerability to deliver spyware to select targets. WhatsApp addressed this issue on their servers on the 10th of May and publicly released patches for mobile devices on May 13th. WhatsApp users are recommended to update the app to the latest version immediately before additional threat actor groups adopt this vulnerability.

What we’re doing about it

What you should do about it

Additional information

CVE-2019-3568 is a buffer overflow vulnerability affecting the WhatsApp VOIP stack. It can be exploited by threat actors sending specially crafted SRTCP packets sent to targeted phone numbers [2]. When executed, the attack appears as a phone call to the WhatsApp number. The user does not need to answer the call for the attack to be successful.

The only available indicator of this attack, at this time, is missed calls from a Swedish phone number (+46). If the attack is successful, these call logs are deleted by the threat actor after infection.

Affected Versions:

Resources:

[1] https://www.nytimes.com/2019/05/13/technology/nso-group-whatsapp-spying.html

[2] https://www.facebook.com/security/advisories/cve-2019-3568

View Most Recent Advisories