You have heard of WhatsApp – of course, the messenger app with more than 1.5 billion monthly active users. Despite or perhaps because of its popularity, there seems to be a constant flow of horrible security issues: The most recent one is a bug that lets hackers take over the app when someone answers a video call.
One call is enough
Google Project Zero researcher Natalie Silvanovich has discovered a bug in WhatsApp that allows attackers to compromise the Messenger by placing a simple call. To trigger the bug the mobile app needs to receive a malformed RTP packet. This packet will then trigger the error and crash the messenger. According to the report both Android and iPhone clients are affected because they both use the needed protocol.
Memory corruption bug in WhatsApp’s non-WebRTC video conferencing implementation https://t.co/5sCmNznh4P
— Natalie Silvanovich (@natashenka) 9. Oktober 2018
There were no further comments as to if one could use the vulnerability in order to exploit it further. Chances are high though, that some clever cybercriminals would have found a way to do so – RTP apparently has a lot of options that could be triggered.
Update your WhatsApp client now
Luckily the issue was already fixed by WhatsApp in the update released this week. This means that if you want to stay secure you just need to download the latest version from GooglePlay or the App Store.