‘WhatsApp close leak that led to crash after receiving call’

Oct

10

2018

According to Natalie Silvanovich, a researcher at Googles Project Zero security team, WhatsApp has closed a leak in its apps for Android and iOS, which could lead to a crash after receiving a call from an attacker.

Silvanovich describes her findings in an entry on the Project Zero bug tracker. There she writes in an update that WhatsApp released a patch on September 28 for Android and on October 3 for iOS. She states that a malicious caller was able to remotely trigger a WhatsApp crash in a target’s client by using a particular rtp package. Receiving that package leads to heap corruption according to the researcher.

She has made no attempt to turn her discovery into an exploit, she writes on Twitter . There she mentions that the leak has ‘a lot of potential’. It does not provide information about whether the vulnerability made it possible, for example, to execute code remotely. Project Zero colleague Tavis Ormandy states in his own tweet that it is a serious leak that only requires an attacker to make a call.

Viewing:-35

In: A Technology & Gadgets Asked By: [20320 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »


Star Points Scale

Earn points for Asking and Answering Questions!

Grey Sta Levelr [1 - 25 Grey Star Level]
Green Star Level [26 - 50 Green Star Level]
Blue Star Level [51 - 500 Blue Star Level]
Orange Star Level [501 - 5000 Orange Star Level]
Red Star Level [5001 - 25000 Red Star Level]
Black Star Level [25001+ Black Star Level]