WhatsApp flaw allows hackers to hijack users' encrypted communications (CVE-2019-3568)

A WhatsApp vulnerability patched by engineers reportedly let hackers break into the secured communications of iPhone and Android users. Security researchers say that spyware claimed to be connected to cyber-intelligence company NSO Group (the makers of the Pegasus spyware) exploits the WhatsApp flaw. Hackers can use the vulnerability to remotely insert malicious code and steal sensitive data from mobile devices just by placing a WhatsApp call, even if the victims don't answer.
Affected WhatsApp app versions
  • WhatsApp for Android: Any version before 2.19.134
  • WhatsApp Business for Android: Any version before 2.19.44
  • WhatsApp for iOS: Any version before 2.19.51
  • WhatsApp Business for iOS: Any version before 2.19.51
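
The version list above can be turned into a fleet check. The following is an added example, not part of the original article or of any Symantec product: it classifies a constructed device inventory against the fixed versions listed here, comparing version components numerically. The inventory layout, device names and function names are assumptions.

```python
# First fixed versions for CVE-2019-3568, copied from the list above.
FIXED = {
    ("android", "WhatsApp"): "2.19.134",
    ("android", "WhatsApp Business"): "2.19.44",
    ("ios", "WhatsApp"): "2.19.51",
    ("ios", "WhatsApp Business"): "2.19.51",
}

def parse_version(text):
    """Turn '2.19.134' into (2, 19, 134); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, app, version):
    """Return 'vulnerable', 'patched', 'unknown' or 'not-applicable'."""
    fixed = FIXED.get((platform.lower(), app))
    if fixed is None:
        return "not-applicable"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unreadable version: send to manual review
    target = parse_version(fixed)
    # Pad the shorter tuple with zeros so '2.19' compares as '2.19.0'.
    width = max(len(installed), len(target))
    installed += (0,) * (width - len(installed))
    target += (0,) * (width - len(target))
    # Numeric compare: as strings, '2.19.98' would sort after '2.19.134'.
    return "vulnerable" if installed < target else "patched"

def audit(inventory):
    """Return (device, app, version, status) for rows that need action."""
    rows = []
    for device, platform, app, version in inventory:
        status = classify(platform, app, version)
        if status in ("vulnerable", "unknown"):
            rows.append((device, app, version, status))
    return rows

# Constructed sample inventory (hypothetical device names and versions).
INVENTORY = [
    ("dev-01", "Android", "WhatsApp", "2.19.98"),
    ("dev-02", "Android", "WhatsApp", "2.19.134"),
    ("dev-03", "iOS", "WhatsApp Business", "2.19.50"),
    ("dev-04", "Android", "WhatsApp Business", "n/a"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row)
```

Rows with an unreadable version are reported as "unknown" rather than treated as patched, so they surface for manual review.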
Recommendation
WhatsApp recommends that users upgrade to the latest version of the app, which includes the recent security patch.
How SEP Mobile protects against the WhatsApp vulnerability
SEP Mobile protects against the WhatsApp vulnerability by:
  • Identifying vulnerable WhatsApp apps
    SEP Mobile can identify the vulnerable WhatsApp iOS and Android apps that are affected by the flaw and mark them as risky in the Unwanted Apps policy. Symantec Endpoint Protection Mobile has a dedicated app vulnerability criterion ("Vulnerable to remote code execution via WhatsApp call (CVE-2019-3568)") that you can set to classify WhatsApp apps on iOS and Android devices.
  • Identifying an active exploitation of the flaw
    Symantec Endpoint Protection Mobile offers a robust multi-layered approach to identifying zero-day exploits including various indicators of compromise, advanced malware detection engines, content analysis, etc. It is a constantly-evolving effort based on in-house research, emerging mobile technologies, and developments in the market.
    No technical details were disclosed on the exploitation technique of the buffer overflow vulnerability in the WhatsApp VoIP stack. While the multi-layered approach is proven to be extremely effective, without the exact details describing the exploit, Endpoint Protection Mobile cannot guarantee detecting active exploitation of CVE-2019-3568.
More information is available in the Endpoint Protection Mobile management console under the tab.