HKCERT logo Hong Kong Computer Emergency Response Team Coordination Centre

HKCERT logo Hong Kong Computer Emergency Response Team Coordination Centre

Security Blog

Stay Cautious to the Latest WhatsApp Buffer Overflow Vulnerability

Release Date: 14 / 05 / 2019
Last Update: 15 / 05 / 2019

HKCERT noted the recent discovery of a buffer overflow vulnerability in messaging app WhatsApp. Hackers may exploit this vulnerability to inject spyware for remote code execution, and to bypass security restriction to eavesdrop on calls; turn on the microphone and camera functions; access the photos, contacts, and other phone information of the users' mobile devices; and even alter their call records.

Due to the potential serious ramifications of the issue, the related software vendor has promptly provided fixes and released the latest version to stem the vulnerability. Hence, HKCERT urges the messaging app users to go to the official store immediately and update the app to the latest version. Meanwhile, HKCERT also recommends mobile users to install and update the anti-virus application on their devices and undertake regular scanning for malware and malicious websites. Besides, they should ensure the operating system of their devices updated to the latest version.

Should users have any question on the related vulnerability, please feel free to contact us via email: [email protected] or our 24-hour telephone hotline: 8105 6060. We are welcome to provide assistance and security advisory. HKCERT will continue monitoring the latest development of this vulnerability. Should there be any further updates, we will timely issue the information to the public.