Home / Mobile Phones / Windows Phone / Windows Phone: WhatsApp patches flaw allowing easy installation of Pegasus spyware | SC Media – SC Magazine

Windows Phone: WhatsApp patches flaw allowing easy installation of Pegasus spyware | SC Media – SC Magazine

Windows Phone:

Facebook posted a security advisory for a buffer overflow vulnerability in its subsidiary WhatsApp that could allow an attacker to install Pegasus spyware on victims devices.

The  Israeli NSO group developed spyware allows its users to turn on a phone’s camera and mic, scan emails and messages, and collect the user’s location data and can be exploited by injecting the malware by simply calling the target without a trace and without the need for the victim to answer their device.

The vulnerability affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” said WhatsApp in a statement.

StarLeaf CTO William MacDonald called the vulnerability an extremely severe security hole for similar reasons.

“Despite instant messaging becoming a growing part of our culture of communication, social platforms are often unwisely used for the businesses,” MacDonald said. “This example clearly demonstrates that there are many organizations aggressively hunting for flaws in consumer applications for commercial gain and for use by third parties.”

MacDonald  added that because consumer apps are not designed for business usage, it is the responsibility of every employee to only adopt the right solutions to minimize risk and protect users’ data (company & customer).

Wandera Vice President of Engineering Mike Campin considered the attack “deeply worrying” and said it “shows how even the most trusted mobile apps and platforms can be vulnerable.”

“While this attack is based on a previously identified exploit known as Pegasus, the fact that it has been repackaged into a form that can be delivered via a simple WhatsApp call has shocked many,” Campin said.

Campin added that despite the app not typically being used as a corporate messaging application, it is widely used on both employees’ personal devices and on corporate-is

Read More

About admin

Check Also

Windows Phone: Apple iPhones and iPads are still missing a feature that’s critical for parents and workers. And it’s even more baffling now that it’s available on Apple TV. (AAPL)

Windows Phone: Apple iPhones and iPads are still missing a feature that’s critical for parents and workers. And it’s even more baffling now that it’s available on Apple TV. (AAPL)

I have to say, I felt like Apple was trolling me Monday. I know that's irrational, but still. Among the many new products and features company officials announced at the iPhone maker's developer conference in San Jose, one stood out to me: support for multiple profiles in tvOS, the operating system that underlies its Apple…

Leave a Reply

Your email address will not be published. Required fields are marked *