A new WhatsApp security flaw could potentially allow hackers to break into smartphones, just by people answering simple calls…
A new WhatsApp security vulnerability could allow attackers to force crash the Android app, as soon as someone answers a call. The bug could also give hackers a way to get into smartphones, as well.
New WhatsApp Security Flaw Discovered
“Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich discovered and reported the flaw, a memory heap overflow issue, directly to WhatsApp in August. Now that a fix is out, Silvanovich can go public with details on the potentially serious flaw.
According to Silvanovich’s report, the bug is triggered when a user receives a malformed RTP packet, triggering the corruption error and crashing the application. In practice, the malformed packet that triggers the crash could be sent via a simple call request.
‘This issue can occur when a WhatsApp user accepts a call from a malicious peer,’ Silvanovich explained.”
At this time, it’s unknown if the security vulnerability could be exploited from remote code execution. But, that remains a possibility. Travis Ormandy, a Google researcher, calls the bug a “big deal.”
Since receiving the tip, WhatsApp issued a fix for it. So, users should immediately update to the latest version of the mobile app for Android.
In August, another WhatsApp vulnerability was discovered. The flaw made it possible for hackers to alter the content and sender’s name of a WhatsApp message. This included the ability to change quoted messages, along with other possibilities.