WhatsApp has disclosed and fixed a massive security flaw in the messaging platform.
As reported by ZDNet, the flaw allowed attackers to take over anyone’s WhatsApp account by simply calling them using a video call.
If a WhatsApp user answered the call, the attackers could take over their account using a malformed Real-time Transport Protocol packet.
This corrupted the WhatsApp app’s heap memory, and the attacks could be used against both iOS and Android users.
Google security researcher Natalie Silvanovich found the bug in August, and WhatsApp fixed it on 28 September for Android. WhatsApp for iOS was fixed on 3 October.
Fortunately, there are no reported cases of the exploit being used against ordinary users – but those who do not answer calls from unknown contacts potentially saved themselves from the attack.