Notification

Icon
Error

WhatsApp Mobile Zero-Day Vulnerability

Posted: Tuesday, May 14, 2019 10:04:46 AM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,685
1
Like
Facebook released a new version of the WhatsApp mobile application in order to fix CVE-2019-3568, a critical zero-day vulnerability which allows for spyware installation on mobile devices.

To find an detect Intune mobile devices that have an outdated WhatsApp version, you can run the report below. You can learn more about mobile device scanning through Intune here. Please note that you will need Lansweeper version 7.1 or higher to use Intune mobile device scanning. Instructions to run this report can be found here: https://www.lansweeper.c...How-to-run-a-report.aspx

This report checks whether your application's version is not on the latest one at the moment of publishing. If not, the device will show as vulnerable in red.

Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblADusers.Username,
  tsysAssetTypes.AssetTypename As AssetType,
  tblIntuneDevice.Manufacturer,
  tblIntuneDevice.Model,
  tblIntuneDevice.OperatingSystem As OS,
  tblIntuneDevice.OsVersion,
  tblIntuneApplication.DisplayName,
  tblIntuneApplication.Version,
  Case 
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then 'Vulnerable'
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then 'Vulnerable'

when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version <> '2.19.134' then 'Vulnerable'
when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version <> '2.19.44' then 'Vulnerable'

when tblIntuneDevice.OperatingSystem Like '%Windows%' AND tblIntuneApplication.DisplayName = '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.348' then 'Vulnerable'
when tblIntuneDevice.OperatingSystem Like '%Tizen%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.15' then 'Vulnerable'
    Else 'Safe'
  End As [Vulnerable/Safe],
  tblIntuneDevice.SubscriberCarrier,
  tblIntuneDevice.Imei,
  tblIntuneDevice.SerialNumber,
  tblIntuneDevice.EnrolledDateTime,
  tblIntuneDevice.LastSyncDateTime,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
Case 
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then '#ffadad'
when tblIntuneDevice.OperatingSystem Like '%iOS%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version NOT LIKE '2.19.51%' then '#ffadad'

when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName = 'Whatsapp' AND 
tblIntuneApplication.Version <> '2.19.134' then '#ffadad'
when tblIntuneDevice.OperatingSystem Like '%Android%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%Business%' AND 
tblIntuneApplication.Version <> '2.19.44' then '#ffadad'

when tblIntuneDevice.OperatingSystem Like '%Windows%' AND tblIntuneApplication.DisplayName = '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.348' then '#ffadad'
when tblIntuneDevice.OperatingSystem Like '%Tizen%' AND tblIntuneApplication.DisplayName Like '%Whatsapp%' AND 
tblIntuneApplication.Version <> '2.18.15' then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tblAssetCustom On tblAssetCustom.AssetID = tblAssets.AssetID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblIntuneDevice On tblIntuneDevice.AssetId = tblAssets.AssetID
  Left Join tblADusers On Lower(tblIntuneDevice.EmailAddress) In
    (Lower(tblADusers.email), Lower(tblADusers.UPN))
  Inner Join tblIntuneDeviceApplication On tblIntuneDevice.Id =
    tblIntuneDeviceApplication.IntuneDeviceId
  Inner Join tblIntuneApplication On tblIntuneApplication.Id =
    tblIntuneDeviceApplication.IntuneApplicationId
Where tblIntuneApplication.DisplayName Like '%Whatsapp%' And
  tblState.Statename = 'Active'
Order By tblAssets.AssetName

Active Discussions

Lansweeper Clients missing specific Office feature
by  CyberCitizen   Go to last post Go to first unread
Last post: Today at 1:28:26 AM(UTC)
Report Center Windows 10 compliance (color-coded)
by  CyberCitizen  
Go to last post Go to first unread
Last post: Today at 1:15:07 AM(UTC)
Lansweeper User association report query
by  endyk   Go to last post Go to first unread
Last post: Yesterday at 9:47:25 PM(UTC)
Lansweeper Report for SSAS and SSIS
by  The Boss  
Go to last post Go to first unread
Last post: 6/25/2019 6:53:21 PM(UTC)
Lansweeper Firefox 67.0.3 zero-day vulnerability
by  Esben.D   Go to last post Go to first unread
Last post: 6/25/2019 3:34:44 PM(UTC)
Lansweeper PO Box Query
by  kmoc  
Go to last post Go to first unread
Last post: 6/25/2019 11:16:28 AM(UTC)
Lansweeper Computer Age Chart Report
by  CyberCitizen   Go to last post Go to first unread
Last post: 6/25/2019 8:40:47 AM(UTC)
Lansweeper Dell SupportAssist CVE-2019-12280
by  Esben.D  
Go to last post Go to first unread
Last post: 6/24/2019 9:15:20 AM(UTC)