HOT LINE 1654

Alerts

Remote Code Execution (RCE) vulnerability on WhatsApp

14 May 2019

Security researchers discovered a Remote Code Execution (RCE) vulnerability on WhatsApp, which can be exploited by sending malicious codes to targeted phone numbers. Attackers could exploit the vulnerability by using the WhatsApp calling function to call a targeted user's mobile phone and remotely install surveillance software on the device. 

Affected Software

WhatsApp for Android prior to v2.19.134
WhatsApp Business for Android prior to v2.19.44 
WhatsApp for iOS prior to v2.19.51 
WhatsApp Business for iOS prior to v2.19.51 
WhatsApp for Windows Phone prior to v2.18.348 
WhatsApp for Tizen prior to v2.18.15

Recommendations

Users are advised to upgrade to the latest version of WhatsApp as soon as possible.

This can be done by updating the app through Google Play or the App Store.