Skip to main content

Update Whatsapp Or Risk Security Vulnerability

By October 19, 2019May 9th, 2022Cybersecurity

Do you use Whatsapp on an Android device?

If so, you’ll want to upgrade to the latest version as soon as possible.

Recently, a critical vulnerability being tracked as ‘CVE-2019-11932’ was discovered that allows hackers to gain access to your chat logs and personal information by sending you a poisoned GIF.

The flaw is called a “Double-free vulnerability” because it’s triggered when the free() parameter is called twice on the same value and argument inside the software.  When this happens, it causes memory in use to leak and become corrupted, opening the door to the execution of arbitrary code by a determined hacker.

The issue was discovered by an independent security researcher who goes by the name “Awakened.”  While his or her true identity is unknown, they published the technical specifications of the attack on GitHub, which revealed that the bug can be triggered in two ways.

The first way requires a piece of malware code to be injected on a target Android device.  This software generates a poisoned GIF which is used to hack Whatsapp via a collection of library data.

The second variant of the attack requires that a Whatsapp user be exposed to the poisoned GIF via other channels. For instance, if the poisoned file was sent directly to the user or inserted into a user’s gallery.

In any case, the company moved swiftly to patch the issue and if you’re not running a version below 2.19.244, you’re fine.  If you are running an older version than that, you should update immediately, and better yet, just set Whatsapp to receive automatic updates so issues like these won’t plague you in the future.

Two things should be stressed here:  First, this issue only seems to affect Whatsapp for Android. Second, so far, there’s no evidence that the attack has been seen used in the wild.  Nonetheless, it pays to upgrade right away because now that the details of the attack are publicly available, it’s just a matter of time.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.