News

WhatsApp closes leak that led to crash after receiving a call

By admin
Spread the love

According to Natalie Silvanovich, a researcher with Google’s Project Zero security team, WhatsApp patched a vulnerability in its apps for Android and iOS that could lead to a crash after receiving a call from an attacker.

Silvanovich describes her findings in an entry on Project Zero’s bug tracker. There she writes in an update that WhatsApp released a patch on September 28 for Android and on October 3 for iOS. She claims that a malicious caller was able to remotely crash WhatsApp into a target’s client by using a certain RTP package. According to the researcher, receiving that packet leads to heap corruption.

She has made no attempt to turn her discovery into an exploit, she writes on Twitter. There she mentions that the leak does have ‘a lot of potential’. It does not provide any information on whether the vulnerability, for example, allowed remote code execution. Project Zero colleague Tavis Ormandy poses in a private tweet that it is a serious vulnerability that only requires an attacker to place a call.

You might also like
News

X begins to deploy the audio and video calling function (but only paying users can…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable

News

Brave sells web content as data for AI training