WhatsApp has fixed a video call-based account hijack exploit

Written over 1 year ago by IanDorfman

The developers of WhatsApp have just patched a serious security exploit that researchers at Google discovered back in August.

The Android and iOS releases of the messaging, voice, and video calling service have been updated to remove the exploit, which was referred to as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation" by Natalie Silvanovich, a Google Project Zero security researcher. The bug enabled attackers to take over a user's installation of the application when answering a video call.

This bug only impacted the Small Android iconAndroid and Small iOS iconiOS versions of WhatsApp and not the web version of it because of the difference in protocols utilized. For Android and iOS, Small WhatsApp iconWhatsApp uses the Real-time Transport Protocol (RTP); for the web version, the Web Real-Time Communication (Small WebRTC iconWebRTC) protocol is used.

In a statement to ZDNet, WhatsApp said that it found no evidence of this exploit being used to attack users.

Further coverage:
ZDNet
Engadget