Urgent! Update WhatsApp NOW to add new sticker support

Urgent! Update WhatsApp now to add new sticker support

As the Financial Times, TechCrunch, and everyone else is reporting today, users of WhatsApp are being urged to update as soon as possible after a serious security exploit was discovered.

I know because I’ve had some members of the media contact me, including one TV show that I declined to appear on.

So what’s the problem?

A buffer overflow vulnerability in Facebook-owned WhatsApp allowed spyware developed by the Israeli firm NSO Group to be installed on targeted devices. Attackers could simply call a smartphone to infect it – the intended target didn’t even need to answer the call. According to the Financial Times report, incoming call logs could be erased to hide evidence that an attack had taken place.

The Financial Times reports that the attack was used against an unnamed UK-based lawyer on 12 May. A successful infection by the malware, known as Pegasus, would allow a remote attacker to steal a gallimaufry of information – including sensitive messages, address books, email archive, browser history, GPS location, and even hijacking a device’s camera and microphone.

According to a curt security advisory issued by Facebook, the following versions of WhatsApp are affected:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15

So, if you use WhatsApp, you should update the app as quickly as possible.

Chances are that you aren’t high on the list of users that attackers are likely to target with this exploit, but it’s better to be safe than sorry. Anyway, you want to be able to see stickers, right?

You see, the latest WhatsApp update makes no mention of a security fix being included. It just talks about stickers instead.

Urgent! Update WhatsApp now to add new sticker support

I wonder how many millions of people will be unsure today whether they’re using the fixed version of WhatsApp or not?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Urgent! Update WhatsApp NOW to add new sticker support”

  1. John Crowther

    For my sins, I run WhatsApp Beta on Android and naively thought it was patched the other day because its version number met the advisory conditions (v2.19.139) and there were no updates available.

    An update has now been made available (v2.19.143) that includes the single release note "Security fix for CVE-2019-3568."

    So when it comes to release notes, at least someone is getting the message there. I wonder if they'll reflect this on the next mainstream update.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.