{"id":1389,"date":"2019-05-14T14:54:24","date_gmt":"2019-05-14T19:54:24","guid":{"rendered":"https:\/\/cert.pa\/?p=1389"},"modified":"2019-05-14T14:54:24","modified_gmt":"2019-05-14T19:54:24","slug":"csirt-panama-aviso-2019-05-14-vulnerabilidad-critica-en-whatsapp","status":"publish","type":"post","link":"https:\/\/cert.pa\/?p=1389","title":{"rendered":"CSIRT Panam\u00e1 Aviso 2019-05-14 Vulnerabilidad cr\u00edtica en WhatsApp"},"content":{"rendered":"\n<p>Gravedad: Cr\u00edtica<br>\nFecha de publicaci\u00f3n: 14 mayo 2019<br>\nFecha de modificaci\u00f3n: 14 mayo 2019<br>\n\u00daltima revisi\u00f3n: Revisi\u00f3n A.<br>\nFuente: WhatsApp (Facebook security advisories), Sky news<\/p>\n\n\n\n<p>Sistemas Afectados<br>\n\u2022    WhatsApp para Android, versiones anteriores a 2.19.134.<br>\n\u2022    WhatsApp Business para Android, versiones anteriores a 2.19.44.<br>\n\u2022    WhatsApp y WhatsApp Business para iOS, versiones anteriores a 2.19.51.<br>\n\u2022    WhatsApp para Windows Phone, versiones anteriores a 2.18.348.<br>\n\u2022    WhatsApp para Tizen, versiones anteriores a 2.18.15.<\/p>\n\n\n\n<p>I. Descripci\u00f3n<br>\nLa empresa Facebook, quien compr\u00f3 la aplicaci\u00f3n m\u00f3vil WhatsApp, ha publicado un aviso de seguridad sobre una vulnerabilidad cr\u00edtica que afecta la aplicaci\u00f3n de mensajer\u00eda en m\u00faltiples plataformas. La vulnerabilidad de c\u00f3digo CVE-2019-3568 permite a un atacante ejecutar c\u00f3digo arbitrario de forma remota mediante el env\u00edo de paquetes especialmente dise\u00f1ados mediante una llamada en WhatsApp. La vulnerabilidad es peligrosa porque un atacante podr\u00e1 ganar acceso al tel\u00e9fono de una v\u00edctima, aunque la misma no conteste la llamada. La \u00fanica manera de protegerse ante esta vulnerabilidad es actualizando la versi\u00f3n de WhatsApp.<\/p>\n\n\n\n<p>Para mayor informaci\u00f3n, referirse a la &#8220;secci\u00f3n III. Referencia a soluciones, herramientas e informaci\u00f3n&#8221;.<\/p>\n\n\n\n<p>II. Impacto<br>\nComplejidad de Acceso: Alta.<br>\nAutenticaci\u00f3n: No requerida para explotarla.<br>\nTipo de impacto: Compromiso parcial o total del sistema.<\/p>\n\n\n\n<p>III. Referencia a soluciones, herramientas e informaci\u00f3n<br> a. <a href=\"https:\/\/www.facebook.com\/security\/advisories\/cve-2019-3568\">https:\/\/www.facebook.com\/security\/advisories\/cve-2019-3568<\/a><br> b. <a href=\"https:\/\/news.sky.com\/story\/what-you-need-to-do-about-the-whatsapp-vulnerability-11719552\">https:\/\/news.sky.com\/story\/what-you-need-to-do-about-the-whatsapp-vulnerability-11719552<\/a> <\/p>\n\n\n\n<p>IV. Informaci\u00f3n de contacto<br>\nCSIRT PANAMA<br>\nAutoridad Nacional para la Innovaci\u00f3n Gubernamental<br>\nE-mail: info@cert.pa<br>\nWeb:   http:\/\/www.cert.pa<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gravedad: Cr\u00edtica Fecha de publicaci\u00f3n: 14 mayo 2019 Fecha de modificaci\u00f3n: 14 mayo 2019 \u00daltima revisi\u00f3n: Revisi\u00f3n A. Fuente: WhatsApp (Facebook security advisories), Sky news Sistemas Afectados \u2022 WhatsApp para Android, versiones anteriores a 2.19.134&#8230;.<\/p>\n","protected":false},"author":4,"featured_media":1390,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1389","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-avisos-de-seguridad"],"_links":{"self":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1389"}],"version-history":[{"count":1,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1389\/revisions"}],"predecessor-version":[{"id":1391,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/posts\/1389\/revisions\/1391"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=\/wp\/v2\/media\/1390"}],"wp:attachment":[{"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert.pa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}