Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: whatsapp opening url in background
From: Ferran Pichel <ferran.pichel () foosec com>
Date: Fri, 15 Nov 2013 12:11:09 +0100
Hi, please, refer to the advisory:

http://foosec.com/docs/whatsapp.html

Here you have an abstract:

*WhatsApp <http://www.whatsapp.com/>* advisory published in *Nov-2013* about
an internal side effect - as they said - that may provoke, among others, a
DoS against the application and information disclosure as well, everything
without any kind of human interaction with the device. Already *solved in
version 2.11.134*.

Kind regards!


On Thu, Nov 14, 2013 at 5:58 PM, Ander Juaristi Alamos <ajuaristi () gmx es>wrote:


Hi Frank,

I just received a URL via Whatsapp from a friend, and I haven't noticed
that behavior. What's more, I don't remember if I ever noticed it.

Could you post more precise reproduction steps, please? How did you notice
that the URL was opened in background?

Thanks.



----- Mensaje original -----

De: Frank Habermann

Enviado: 14-11-13 13:02

Para: full-disclosure () lists grok org uk

Asunto: [Full-disclosure] whatsapp opening url in background


Hi List,

i wonder about url opening in background in whatsapp.
I am using an android phone.

If i send a url to some other user(with android) in whatsapp my whatsapp
and the the other user is opening the url in background without any user
interaction.
Is this normal?

I could reproduce this only on android. Not on ios.

Is this a android problem or a whatsapp problem?
Sounds very strange and insecure for me.

regards,
Frank

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]