A critical vulnerability has been found in WhatsApp Messenger which permitted the hackers to remotely take complete control of your WhatsApp just by video calling you over the messaging app. This was found by Google Project Zero security researcher Natalie Silvanovich.
This flaw is due to the memory heap overflow issue which gets activated when a user receives a specially crafted malformed RTP packet via a video call request, which results in the corruption error and crashing the WhatsApp mobile app.
Since the vulnerability affect Real-time Transport Protocol implementation of Whatsapp, the flaw affects Android and iOS apps, and not WhatsApp Web that relies on WebRTC for video calls.
A proof-of-concept exploit was also published by the researcher along with the instructions for reproducing the WhatsApp attack.
This proof-of-concept only triggers memory corruption, another Google Project Zero researcher, Tavis Ormandy, claims that “This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp.”
It does mean that hackers only need your phone number to completely hack your WhatsApp account and spy on your secret conversations.
The vulnerability was reported to the WhatsApp team in August this year. WhatsApp acknowledged it and patched the issue on September 28 in its Android client and on October 3 in its iPhone client.
Those users who haven’t updated your WhatsApp for Android or WhatsApp for iOS yet must do it at the earliest.