Around a month ago, WhatsApp fixed a devastating vulnerability (zero-day in that case) – it allowed someone to remotely hack a phone by simply initiating a WhatsApp voice call. The recipient didn’t even have to answer the call! That’s pretty scary! The good thing is – it has been fixed. For those interested reading about it more (if you haven’t by now) – Wired has a great article about it here. Now, let’s take a look at the release notes (Apple App Store release notes as of 18th June 2019): For the last three release versions (2.19.51, 2.19.60 and 2.19.61) all we see in the release notes is: “You can now see stickers in full size when you long press a notification.“. As we know, this very dangerous vulnerability was fixed in version 2.19.51 as per the CVE-2019-3568 security advisory note – listed only on a Facebook page, not mentioned anywhere else around WhatsApp, not on their website or changelog (as per the above). I think this an example of a very poor messaging and lack of transparency from Facebook. WhatsApp is used by over 1.5 billion users worldwide – a very large user base. This is a very...
Continue reading