WhatsApp has issued a fix for the video call exploit that allowed hackers to take control of user’s accounts. The exploit affected both Android and iOS devices and would affect anyone who used the video call feature of the app.
The exploit was first discovered by Google security researcher Natalie Silvanovich found the exploit in late August, but was disclosed after WhatsApp rolled out the fix. The company patched the flaws on September 28th for Android users and October 3rd for iOS. The exploit allowed an attacker to send a malformed Real-time Transport Protocol packet which would then corrupt the app’s heap memory and open it to attack. Web users weren’t affected, since the browser-based client relies on the WebRTC protocol.
A WhatsApp’s spokesperson confirmed that there was no evidence of the exploit being used on the users. However, this month has been bad for companies and especially Facebook who coincidently owns WhatsApp as well. That said, the best way to protect against attacks is to stay vigilant and keep your apps updated.