Facebook can’t seem to catch a break from all the data leaks, and it seems that WhatsApp also came close to being thrown under the bus. According to a ZDNet report, WhatsApp has fixed a serious vulnerability that was found by the end of August by Natalie Silvanovich, a security researcher with Google's Project Zero security research team. Silvanovich describes the flaw as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation," which, according to Google vulnerability researcher Tavis Ormandy, translates to an exploit in the video calling features of the app that could potentially enable hackers to “complete compromise WhatsApp.”
According to Silvanovich’s bug report, both the Android and iOS versions of the app were affected by the bug, as they use the Real-time Transport Protocol (RTP) for initiating a video call. The web version of the chat app is not affected, as it uses WebRTC for that purpose. "Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet," states Silvanovich. "This issue can occur when a WhatsApp user accepts a call from a malicious peer." The issue was fixed on September 28 for Android and on October 3 for iPhone users.
"WhatsApp cares deeply about the security of our users. We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue," a WhatsApp spokesperson told ZDNet. As per the report, WhatsApp says that the vulnerability was never exploited to carry out an attack on any user but they are advised to update to the newer version, just to be safe.
Facebook-owned WhatsApp has so far been considered safe, as there have been no major data leaks or compromises that we know of. Facebook, on the other hand, recently announced that the account data of 50 million users was exposed after attackers used a “technical vulnerability” in the “View As” feature in their profiles.