The WhatsApp communication application is popular worldwide and used by approximately 1.5 billion users. Its advantage is an easy use and relatively good communication between individual users. However, the vulnerabilities do not avoid even this application, detected in its source code.
WhatsApp has issued a warning about 6 critical vulnerabilities that allow:
- remote code execution while playing a specifically recorded push-to-talk message (both in the client for Android and for iPhone),
- remote code execution while displaying a message in the WhatsApp Desktop application,
- obtaining information from the device, including e-mails, browsing history and location,
- access to financial information on a victim’s device,
- taking control of the microphone and camera on a victim’s device.
Individual vulnerabilities are tracked as CVE-2020-1894, CVE-2020-1891, CVE-2020-1890, CVE-2020-1889, CVE-2020-1886 and CVE-2019-11928.
The National Cyber Security Centre SK-CERT recommends that all users update the WhatsApp application immediately:
- for devices with iOS to version 2.20.35 and higher,
- for Android devices to version 2.20.35 or higher or 2.20.20 and higher,
- for the application desktop version to version 0.3.4932 and higher.
« Späť na zoznam