WhatsApp has fixed a video call-based account hijack exploit
The developers of WhatsApp have just patched a serious security exploit that researchers at Google discovered back in August.
The Android and iOS releases of the messaging, voice, and video calling service have been updated to remove the exploit, which was referred to as a "memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation" by Natalie Silvanovich, a Google Project Zero security researcher. The bug enabled attackers to take over a user's installation of the application when answering a video call.
This bug only impacted the Android and iOS versions of WhatsApp and not the web version of it because of the difference in protocols utilized. For Android and iOS, WhatsApp uses the Real-time Transport Protocol (RTP); for the web version, the Web Real-Time Communication (https://alternativeto.net/software/webrtc/) protocol is used.
In a statement to ZDNet, WhatsApp said that it found no evidence of this exploit being used to attack users.