‘WhatsApp closes vulnerability that led to crash after receiving call’




According to Natalie Silvanovich, a researcher on Google's Project Zero security team, WhatsApp has closed a vulnerability in its apps for Android and iOS that could lead to a crash after receiving a call from an attacker.

Silvanovich describes her findings in an entry on the Project Zero bug tracker. There she writes in an update that WhatsApp released a patch on September 28 for Android and on October 3 for iOS. She states that a malicious caller was able to remotely trigger a WhatsApp crash in a target’s client by using a particular RTP packet. Receiving that packet leads to heap corruption, according to the researcher.

She has made no attempt to turn her discovery into an exploit, she writes on Twitter. There she mentions that the vulnerability has ‘a lot of potential’. She does not provide information about whether the vulnerability made it possible, for example, to execute code remotely. Project Zero colleague Tavis Ormandy states in his own tweet that it is a serious vulnerability that only requires an attacker to make a call.

