Blog

Update Whatsapp Or Risk Security Vulnerability

Oct 19, 2019 | Blog

Do you use Whatsapp on an Android device?

If so, you’ll want to upgrade to the latest version as soon as possible.

Recently, a critical vulnerability being tracked as ‘CVE-2019-11932’ was discovered that allows hackers to gain access to your chat logs and personal information by sending you a poisoned GIF.

The flaw is called a “Double-free vulnerability” because it’s triggered when the free() parameter is called twice on the same value and argument inside the software.  When this happens, it causes memory in use to leak and become corrupted, opening the door to the execution of arbitrary code by a determined hacker.

The issue was discovered by an independent security researcher who goes by the name “Awakened.”  While his or her true identity is unknown, they published the technical specifications of the attack on GitHub, which revealed that the bug can be triggered in two ways.

The first way requires a piece of malware code to be injected on a target Android device.  This software generates a poisoned GIF which is used to hack Whatsapp via a collection of library data.

The second variant of the attack requires that a Whatsapp user be exposed to the poisoned GIF via other channels. For instance, if the poisoned file was sent directly to the user or inserted into a user’s gallery.

In any case, the company moved swiftly to patch the issue and if you’re not running a version below 2.19.244, you’re fine.  If you are running an older version than that, you should update immediately, and better yet, just set Whatsapp to receive automatic updates so issues like these won’t plague you in the future.

Two things should be stressed here:  First, this issue only seems to affect Whatsapp for Android. Second, so far, there’s no evidence that the attack has been seen used in the wild.  Nonetheless, it pays to upgrade right away because now that the details of the attack are publicly available, it’s just a matter of time.

 

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech