WhatsApp patches video call vulnerability that could potentially let hackers gain complete access

By Digit NewsDesk | Updated 11 Oct 2018
WhatsApp patches video call vulnerability that could potentially let hackers gain complete access
  • A memory corruption bug in WhatsApp that affected the app on both Android and iOS was patched recently.

Facebook can’t seem to catch a break from all the data leaks and it seems that WhatsApp also came close to being thrown under the bus. As per a ZDNet report, WhatsApp has fixed a serious vulnerability that was found by the end of August by Natalie Silvanovich, a security researcher with Google's Project Zero security research team. Silvanovich describes the flaw as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation," which, as per the vulnerability researcher Tavis Ormandy from Google, translates to an exploit in the video calling features of the app that could potentially enable hackers to “complete compromise WhatsApp.”

advertisements

As per Silvanovich’s bug report, both, the Android and iOS versions of the app were affected by the bug as they use Real-time Transport Protocol (RTP) for initiating a video call. The web version of the chat app is not affected as it uses WebRTC for the same. "Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet," states Silvanovich. "This issue can occur when a WhatsApp user accepts a call from a malicious peer."  This issue was fixed on September 28 for Android and on October 3 for iPhone users.

"WhatsApp cares deeply about the security of our users. We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue," a WhatsApp spokesperson told ZDNet. As per the report, WhatsApp says that the vulnerability was never exploited to carry out an attack on any user but they are advised to update to the newer version, just to be safe.

Facebook-owned WhatsApp is considered to be safe till now as there have been no major data leaks or compromises, which we know of. On the other hand, Facebook recently announced that the account data of 50 million users was exposed as attackers used a “technical vulnerability” in the “View As” feature in their profiles. You can learn more about this Facebook episode here.

advertisements
advertisements
Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.
advertisements
ASK DIGIT

Recent Questions

RED HAT HACKERS???
t ruth pushpalatha
Sept 26, 2014
Responses
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements