WhatsApp fixes a security issue in video calls
Natalie Silvanovich, security researcher at Google Project Zero, found a vulnerability in August 2018, reported later to WhatsApp, that could compromise an account by simply responding to a video call.
The vulnerability is memory heap overflow type and is found in the WhatsApp RTP implementation, so the bug affects both Android and iOS versions, but not WhatsApp Web, as it uses WebRTC for making video calls.
Ann Yeh, WhatsApp spokeswoman, said they regularly collaborate with security researchers around the world to ensure the application remains secure and reliable. The company released an update that resolves the bug on September 28, 2018 for the Android version and October 3, 2018 for the iOS version.
References:
- 09/10/2018 twitter.com Memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation
- 10/10/2018 cnbc.com Facebook's WhatsApp says it fixed a video call security bug that let hackers hijack accounts
- 09/10/2018 thehackernews.com Just Answering A Video Call Could Compromise Your WhatsApp Account
- 10/10/2018 nakedsecurity.sophos.com How a WhatsApp call could have taken over your phone
- 10/10/2018 bleepingcomputer.com WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call
- 10/10/2018 unaaldia.hispasec.com Fallo de seguridad en WhatsApp permite comprometer tu cuenta con solo responder una videollamada