Do you use Whatsapp on an Android device?

If so, you'll want to upgrade to the latest version as soon as possible. Recently, a critical vulnerability being tracked as 'CVE-2019-11932' was discovered that allows hackers to gain access to your chat logs and personal information by sending you a poisoned GIF.

The flaw is called a "Double-free vulnerability" because it's triggered when the free() parameter is called twice on the same value and argument inside the software.  When this happens, it causes memory in use to leak and become corrupted, opening the door to the execution of arbitrary code by a determined hacker.

What was discovered about WhatsApp?

The issue was discovered by an independent security researcher who goes by the name "Awakened."  While his or her true identity is unknown, they published the technical specifications of the attack on GitHub, which revealed that the bug can be triggered in two ways.

The first way requires a piece of malware code to be injected on a target Android device.  This software generates a poisoned GIF which is used to hack Whatsapp via a collection of library data.

The second variant of the attack requires that a Whatsapp user be exposed to the poisoned GIF via other channels. For instance, if the poisoned file was sent directly to the user or inserted into a user's gallery.

In any case, the company moved swiftly to patch the issue and if you're not running a version below 2.19.244, you're fine.  If you are running an older version than that, you should update immediately, and better yet, just set Whatsapp to receive automatic updates so issues like these won't plague you in the future.

Our perspective

Two things should be stressed here:  First, this issue only seems to affect Whatsapp for Android. Second, so far, there's no evidence that the attack has been seen used in the wild.  Nonetheless, it pays to upgrade right away because now that the details of the attack are publicly available, it's just a matter of time.

As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!"

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.

Used with permission from Article Aggregator