Urgent! Update WhatsApp NOW to add new sticker support

Graham Cluley

Whatsapp featured

Urgent! Update WhatsApp now to add new sticker support

As the Financial Times, TechCrunch, and everyone else is reporting today, users of WhatsApp are being urged to update as soon as possible after a serious security exploit was discovered.

I know because I’ve had some members of the media contact me, including one TV show that I declined to appear on.

So what’s the problem?

A buffer overflow vulnerability in Facebook-owned WhatsApp allowed spyware developed by the Israeli firm NSO Group to be installed on targeted devices. Attackers could simply call a smartphone to infect it – the intended target didn’t even need to answer the call. According to the Financial Times report, incoming call logs could be erased to hide evidence that an attack had taken place.

The Financial Times reports that the attack was used against an unnamed UK-based lawyer on 12 May. A successful infection by the malware, known as Pegasus, would allow a remote attacker to steal a gallimaufry of information – including sensitive messages, address books, email archive, browser history, GPS location, and even hijacking a device’s camera and microphone.

According to a curt security advisory issued by Facebook, the following versions of WhatsApp are affected:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15

So, if you use WhatsApp, you should update the app as quickly as possible.

Chances are that you aren’t high on the list of users that attackers are likely to target with this exploit, but it’s better to be safe than sorry. Anyway, you want to be able to see stickers, right?

You see, the latest WhatsApp update makes no mention of a security fix being included. It just talks about stickers instead.

Urgent! Update WhatsApp now to add new sticker support

I wonder how many millions of people will be unsure today whether they’re using the fixed version of WhatsApp or not?

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Urgent! Update WhatsApp NOW to add new sticker support”

  1. For my sins, I run WhatsApp Beta on Android and naively thought it was patched the other day because its version number met the advisory conditions (v2.19.139) and there were no updates available.

    An update has now been made available (v2.19.143) that includes the single release note "Security fix for CVE-2019-3568."

    So when it comes to release notes, at least someone is getting the message there. I wonder if they'll reflect this on the next mainstream update.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES