Whether we like it or not, smartphone security is a problem that affects us every day, and developers are the first line of defense against hackers: if the applications we install are not secure, the system is weakened and all our personal data is at risk of being stolen or misused. Clearly we also have our share of responsibility: maintaining healthy habits and avoiding the small lapses that we end up paying for.
Be that as it may, WhatsApp is one of those apps that we use every day, so its security should concern us. Now the company itself has taken the step of creating a place where we can look up, one by one, the flaws it has been fixing that affect our security.
A new reference resource
This web page that WhatsApp has just launched will tell us which problems the company has corrected and, very importantly, which versions were affected by these holes. This information will help us check the releases installed on our devices and, if they have not been updated in a long time, update them as soon as possible to avoid problems.
With the launch of this WhatsApp advisory resource, Facebook has disclosed as many as six problems that it has fixed recently, so it is to be expected that new entries will be added as the days go by. Here they all are:
- CVE-2020-1894: “stack write” overflow that could have allowed the infection of malicious code, making it easier to “execute arbitrary code when playing a push-to-talk message” (affects versions prior to WhatsApp for Android v2.20.35, WhatsApp Business for Android v2.20.20, WhatsApp for iPhone v2.20.3 and WhatsApp Business for iPhone v2.20.30)
- CVE-2020-1891: “user controlled parameter used in video calls” that could have allowed “out of bounds write on 32 bit devices” (affects versions prior to WhatsApp for Android v2.20.17, WhatsApp Business for Android v2.20.7, WhatsApp for iPhone v2.20.20 and WhatsApp Business for iPhone v2.20.20)
- CVE-2020-1890: validation problem that “could have caused the recipient of a sticker message that contained deliberately malformed data to load an image from a URL controlled by the sender without user interaction” (affects versions prior to WhatsApp for Android v2.20.11 and WhatsApp Business for Android v2.20.2)
- CVE-2020-1889: “Bypass security features” issue that could have allowed “sandbox escape in Electron and privilege escalation if combined with a remote code execution vulnerability within the rendering process of the test area” (affects versions of WhatsApp Desktop prior to v0.3.4932)
- CVE-2020-1886: buffer overflow that “could have allowed out of bounds write via video stream specially designed after receiving and answering a malicious video call” (affects versions prior to WhatsApp for Android v2.20.11 and WhatsApp Business for Android v2.20.2)
- CVE-2019-11928: “input validation” issue that could have caused “scripting between sites [web] clicking on a link in a specially crafted location message” (affects versions of WhatsApp for Desktop prior to v0.3.4932)
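
The comparison suggested above, between the release you have installed and the versions in this list, can be automated. The following is an added example, not code from WhatsApp or from the original article: the "fixed in" versions are copied from the list, while the platform labels and the sample inventory are assumptions made for the illustration. Versions are compared numerically, because a plain text comparison would wrongly rank v2.20.3 above v2.20.20.

```python
# Added example. "Fixed in" versions are transcribed from the list above;
# the platform keys are labels invented for this sketch.
FIXED_IN = {
    "CVE-2020-1894": {"android": "2.20.35", "android-business": "2.20.20",
                      "iphone": "2.20.3", "iphone-business": "2.20.30"},
    "CVE-2020-1891": {"android": "2.20.17", "android-business": "2.20.7",
                      "iphone": "2.20.20", "iphone-business": "2.20.20"},
    "CVE-2020-1890": {"android": "2.20.11", "android-business": "2.20.2"},
    "CVE-2020-1889": {"desktop": "0.3.4932"},
    "CVE-2020-1886": {"android": "2.20.11", "android-business": "2.20.2"},
    "CVE-2019-11928": {"desktop": "0.3.4932"},
}
PLATFORMS = {p for fixes in FIXED_IN.values() for p in fixes}


def parse_version(text):
    """Turn 'v2.20.35' into (2, 20, 35); reject anything non-numeric."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_older(installed, fixed):
    """Numeric comparison, padding the shorter version with zeros."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def affected_by(platform, installed):
    """Return the listed CVEs whose fix is newer than the installed build."""
    if platform not in PLATFORMS:
        raise ValueError(f"unknown platform label: {platform!r}")
    return sorted(cve for cve, fixes in FIXED_IN.items()
                  if platform in fixes and is_older(installed, fixes[platform]))


if __name__ == "__main__":
    # Constructed inventory, not real device data.
    for platform, version in [("android", "2.20.11"), ("iphone", "2.20.3"),
                              ("desktop", "0.3.4931")]:
        print(platform, version, affected_by(platform, version) or "up to date")
```

An empty result only means that none of the six issues listed here applies to that build; it says nothing about advisories published later.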