Natalie Silvanovich, a Google Project Zero security researcher, has uncovered a critical security flaw in WhatsApp. The flaw could allow a notorious actor to make a video call and take complete control of your messaging application.
Memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation https://t.co/5sCmNznh4P
— Natalie Silvanovich (@natashenka) October 9, 2018
The bug report of the flaw states: “Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP (Real-time Transport Protocol) packet.” This results in the crashing of WhatsApp app.
The Hacker News notes that the web client of WhatsApp remains unaffected by the flaw as it uses WebRTC for video call, instead of RTP.
The bug report further mentions that both the Android and iPhone applications are affected by the flaw. It also describes the steps to reproduce the issue.
The latest version of WhatsApp has fixed the issue; the Android version received the fix on September 28 and iPhone version got the same on October 3. It goes without saying that it’s advisable for you to update your apps in case you haven’t done so in past weeks.