En bugg i WhatsApp har exploaterats med hjälp av mjukvara som utvecklats av israeliska NSO Group, skriver Financial Times. Med hjälp av mjukvaran så har aktivister kunnat avlyssnas, skriver tidningen.
Buggen kunde exploateras och mjukvaran har gått att installera genom att ringa upp en sårbar enhet. Från och med i fredags förra veckan så ska buggan vara ååtgärda och WhatsApp ska inte längre vara möjlig att avlyssna på detta sätt.
A representative of WhatsApp, whoch is used by 1.5 billion people, told Ars that company researchers discovered the vulnerability earlier this month while they were making security improvements. CVE-2019-3568, as the vulnerability has been indexed, is a buffer overflow vulnerability in the WhatsApp VOIP stack that allows remote code execution when specially crafted series of SRTCP packets are sent to a target phone number, according to this advisory.
According to the Financial Times, exploits worked by calling either a vulnerable iPhone or Android device using the WhatsApp calling function. Targets need not have answered a call, and the calls often disappeared from logs, the publication said. The WhatsApp representative said the vulnerability was fixed in updates released on Friday.
Financial Times (betalvägg)
0 kommentarer