Last October, a cybersecurity researcher uncovered a double-free vulnerability, CVE-2019-11932, which could be used in attacks for compromising chat sessions, files, and messages. The security flaw could be triggered through a malicious application already installed on a target device or through the sending of a crafted, malicious GIF file. If exploited, the bug could result in the remote execution of code and was patched in WhatsApp version 2.19.244.
The latest security flaw, tracked as CVE-2019-11931 creates a cyber-attack vector for a hacker to steal information, remotely execute code, Install spywares, cause a denial of service attacks to the victim by sending a specially crafted MP4 file. The vulnerability has been marked as ‘Critical’. The new vulnerability is found in Android versions prior to 2.19.274; iOS versions prior to 2.19.100; Enterprise Client versions prior to 2.25.3; Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368.
Whatsapp has released an updated version after patching this vulnerability. Hence it is advised that all users get their WhatsApp updated to the latest version.
“We agree with the government of India’s strong statement about the need to safeguard the privacy of all Indian citizens. That is why we’ve taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide,” a WhatsApp spokesperson had said in a statement.