WhatsApp has understood to have fixed a bug in its Android and iOS mobile app that allowed the hackers to let the app crash during incoming video calls.
According to a report in ZDNet on Wednesday, Facebook-owned WhatsApp, which has over 1.5 billion users, fixed the vulnerability this week. It is yet to be known how many users were affected.
The company is yet to issue a statement on this.
Natalie Silvanovich, a security researcher with Google’s Project Zero security research team, discovered the bug in WhatsApp video call.
“Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet,” Silvanovich said in a bug report.
“This issue can occur when a WhatsApp user accepts a call from a malicious peer,” she added. She also published proof-of-concept code and instructions on how to reproduce the attack.
Memory corruption bug was found in WhatsApp’s “non-WebRTC” video conferencing implementation. WhatsApp web users were not impacted because it uses, what is called, WebRTC for video calls.
“Last week, Israel’s cyber-intelligence agency sent out an alert about a new hacking technique that relied on poorly secured voicemail inboxes to hijack WhatsApp accounts from their legitimate owners,” said the report.
“WhatsApp cares deeply about the security of our users. We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue,” a WhatsApp spokesperson told ZDNet.
In the biggest-ever security breach after Cambridge Analytica scandal, Facebook last month admitted that hackers broke into nearly 50 million users’ accounts by stealing their “access tokens” or digital keys.
Facebook security team discovered the security issue on September 25 which was later fixed.
In the Cambridge Analytica scandal, data of nearly 87 million people was breached upon.