A new vulnerability affects WhatsApp and, unfortunately, Telegram too.
According to a report by cybersecurity company Symantec, the flaw is present in the Android versions of both applications and allows third parties to gain access to multimedia files sent and received by users.
This defect, known as “media file jacking”, arises between the moment a file is sent and the moment the other person receives it, specifically when the files are written to the smartphone’s external storage and loaded into the user interface.
In this way, malware on the victim’s smartphone can affect both the sender and the recipient.
It is at this moment that the files can be accessed, because they sit in a public directory that other applications can also reach. This does not happen when internal storage is used.
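An added example, not from the original article or from WhatsApp, Telegram or Symantec: one way an app could detect that a media file was changed between being written to a shared directory and being loaded for display, by keeping a digest in private storage. The `MediaStore` class, the file name and the byte strings are hypothetical and constructed for illustration; a temporary directory stands in for external storage.

```python
import hashlib
import hmac
import os
import tempfile


class MediaStore:
    """Writes media to a shared directory and keeps digests privately."""

    def __init__(self, shared_dir):
        self.shared_dir = shared_dir
        self._digests = {}  # assumption: stands in for app-private (internal) storage

    def save(self, name, data):
        path = os.path.join(self.shared_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        # Hash the bytes the app received, never bytes re-read from shared storage.
        self._digests[name] = hashlib.sha256(data).hexdigest()
        return path

    def load_for_display(self, name):
        """Return the file's bytes only if they match the digest recorded at save."""
        expected = self._digests.get(name)
        if expected is None:
            raise KeyError(f"{name}: no digest recorded")
        with open(os.path.join(self.shared_dir, name), "rb") as fh:
            data = fh.read()
        # Verify the same buffer that is returned, so nothing can change in between.
        actual = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(actual, expected):
            raise ValueError(f"{name}: modified after it was written")
        return data


def demo():
    """Returns (untouched file loads, altered file is rejected)."""
    with tempfile.TemporaryDirectory() as shared:
        store = MediaStore(shared)
        path = store.save("photo.jpg", b"constructed-original-bytes")
        loaded_ok = store.load_for_display("photo.jpg") == b"constructed-original-bytes"
        # Constructed change: another writer to the shared directory alters the file.
        with open(path, "wb") as fh:
            fh.write(b"constructed-altered-bytes")
        try:
            store.load_for_display("photo.jpg")
            rejected = False
        except ValueError:
            rejected = True
        return loaded_ok, rejected


if __name__ == "__main__":
    print(demo())
```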
In case the dependency is necessary for the application to run, it ought to be a manufacturing dependency. For most applications, indirect dependencies compose the greater part of the general list.
When a vulnerability becomes publicly known, the vendor must work quickly to resolve the matter in order to safeguard its users. The present vulnerability in WhatsApp shows once again how important it is to keep your software updated.
Appears to be an ideal goal to be used, if you’ve got an RCE vulnerability in WhatsApp. There are a number of security and privacy options in your browser that you’re able to use to boost your protection.
Vulnerability assessments are most frequently confused with penetration tests and frequently used interchangeably, but they’re worlds apart.
They are designed to yield a prioritized list of vulnerabilities and are generally for clients who already understand they are not where they want to be in terms of security.
Therefore, you likely perform something like a vulnerability assessment to discover a great vuln to attack in a pentest, but you might just as easily locate a vuln within 20 minutes that gets you to your objective.
If you produce a new vulnerability assessment, you can choose a partner solution in the Azure Marketplace. Naturally, you don’t need either to do a risk analysis.
What follows is a fast review of the vulnerability. You may also generate and export reports on an assortment of aspects.
According to the investigation, the key to the problem is the “WRITE_EXTERNAL_STORAGE” permission, which allows reading files stored in the device’s external memory in real time, regardless of who is accessing them.
How to protect yourself
For now, the research recommends disabling automatic saving of files in WhatsApp as well as in Telegram. In the first case, this is the media visibility setting, found in the chat option in Settings and under Options.
Meanwhile, in the other application, all you need to do is go to Chat Settings > Save to Gallery and disable this option.