WhatsApp Fixes Bug That Lets Hackers Crash App By Simply Placing A Call

A vulnerable spot in WhatsApp, that could have been used by hackers to crash users’ app just by placing a call, has been patched. The bug could have affected both android and iPhone users.

The flaw, a memory heap overflow issue, was discovered by Natalie Silvanovich, who then reported it directly to WhatsApp in August.

Silvanovich said that the heap corruption can occur when a WhatsApp application receives a malformed real-time transport protocol (RTP) packet, resulting in crashing of the application. The RTP is a network protocol for delivering audio and video over IP networks. The malformed packet that triggers the crash could be sent via a simple call request.

"This issue can occur when a WhatsApp user accepts a call from a malicious peer. It affects both the Android and iPhone clients." Silvanovich explained.

WhatsApp rushed to fixed the bug as soon as it was informed in August. The bug was fixed on 28 September in the Android client and on 3 October in the iPhone client.

The users have to just update their WhatsApp application to the latest version on Android and iOS in order to get the fix.

Facebook, which owns WhatsApp, has released a statement saying it reacted "promptly" to fix the issue once it was identified.

"We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable," the statement said.