PSA: WhatsApp security flaw could be triggered simply by answering a call – fix available

A WhatsApp security vulnerability could allow attackers to crash the Android app as soon as you answer a call, and could potentially be used to hack your smartphone …

The Register reports that the flaw was reported to WhatsApp in August, and has been patched in the latest version – so you’ll want to check for an update.

Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich discovered and reported the flaw, a memory heap overflow issue, directly to WhatsApp in August. Now that a fix is out, Silvanovich can go public with details on the potentially serious flaw.

According to Silvanovich’s report, the bug is triggered when a user receives a malformed RTP packet, triggering the corruption error and crashing the application. In practice, the malformed packet that triggers the crash could be sent via a simple call request.

“This issue can occur when a WhatsApp user accepts a call from a malicious peer,” Silvanovich explained.

It’s not clear whether the WhatsApp security flaw could be exploited for remote code execution, but this is a possibility, and a sufficient risk for a fellow Google researcher to describe it as ‘a big deal.’

“This is a big deal,” tweeted Tavis Ormandy. “Just answering a call from an attacker could completely compromise WhatsApp.”

The Register says it is still waiting to hear from Google on more details, for example whether the desktop app is similarly affected.

It’s not the first time of late that a WhatsApp security issue has been identified. Back in August, it was discovered that it was possible for an attacker to change both the content and the sender of a WhatsApp message after you’ve received it.
