A potentially serious flaw in WhatsApp that caused a memory leak had the potential to crash the app, The Register revealed.
This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp. https://t.co/vjHuWt8JYa
— Tavis Ormandy (@taviso) October 9, 2018
The flaw, reported by Googler Natalie Silvanovich, is triggered by receipt of a call. The basic detail is outlined as “Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet”.
As with any security or stability flaw discovered by ethical third parties, once it is reported the software vendor has a set period of time to respond or fix it outright before the flaw is made public. In this case, Silvanovich noted that they had 90 days to respond.
This bug is subject to a 90 day disclosure deadline. After 90 days elapse or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public.
This trigger results in the app crashing for the user (Android or iOS). While there’s no specific mention of any other potential issues that may arise from this, there’s always the possibility of something nefarious occurring. This makes keeping your apps up to date so much more important, and the good news is that the flaw has been addressed with the most recent update to the Android and iOS apps.
Do potential security flaws in communications software concern you, or do you consider it part of online life?