Facebook Inc’s WhatsApp messenger service said on Wednesday it has fixed the latest bug on its platform that allowed hackers to take over users’ applications when they answered an incoming video call.
The announcement follows reports from technology websites ZDnet and The Register that the vulnerability, which affected WhatsApp applications on Apple and Android smartphones, was discovered in late August and was fixed by Facebook in early October.
Commenting on the bug, subsequent breach and the constant scrutiny faced by WhatsApp, is Paul Bischoff, privacy advocate at Comparitech:
“I’m sceptical of the claim that this attack could allow a hacker to remotely take over the victim’s device and access their conversations. The proof of concept describes a memory heap overflow that causes the app to crash due to memory corruption but does not indicate that it would allow remote hijacking. How could a hacker take over an app if it’s just crashed?
That being said, WhatsApp has already patched the vulnerability, so users should be sure to update the app to prevent it from happening.
WhatsApp has had its fair share of high-profile vulnerabilities crop up in the past couple of years. As the most popular chat app in the world, it makes sense that it’s put under a microscope so that every possible vulnerability is discovered sooner or later. On the whole, however, WhatsApp provides reasonably secure end-to-end encryption for the average user, and I would certainly recommend it to privacy-conscious people.”