We also have a special announcement. Our annual survey is now open if you would like to receive a FREE Snort calendar. This year's theme is "boar" games.
Today's release contains 16 new rules, seven modified rules and five new shared object rules.
Tuesday's release provides protection against a recently discovered vulnerability in WhatsApp that could allow an attacker to execute code on an Android device using a malicious GIF.
Talos has added and modified multiple rules in the browser-firefox, file-office, file-other, file-pdf, os-mobile, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
There is one group of rules we which to highlight:
- 51953 - 51956: These rules provide protection against a double-free vulnerability in the WhatsApp messaging app for Android. An attacker could exploit this vulnerability, identified as CVE-2019-11932, to carry out a variety of malicious activities, including memory leaks and arbitrary code execution. The exploitation of this bug requires the attacker to send a WhatsApp user a specially crafted GIF. These rules prevent attackers from carry out remote code execution through these GIFs. Tim Muniz wrote these rules.