Facebook's WhatsApp says has fixed video call security bug
11 October, 2018
Facebook Inc’s WhatsApp messenger service said on October 10 it has fixed the latest bug on its platform that allowed hackers to take over users’ applications when they answered an incoming video call.
The announcement follows reports from technology websites ZDnet and The Register that the vulnerability, which affected WhatsApp applications on Apple and Android smartphones, was discovered in late August and was fixed by Facebook in early October.
“We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable. We promptly issued a fix to the latest version of WhatsApp to resolve this issue,” WhatsApp said in an email statement to Reuters.
A WhatsApp employee familiar with the dealing of the issue said there was no evidence that hackers actually exploited the bug to launch attacks. A Google spokesman also said the company was not aware of the bug ever being used in an attack before getting patched. But Travis Ormandy, a researcher at Google Project Zero which discovered the bug, called it a “big deal.”
“Just ++answering a call from an attacker could completely compromise WhatsApp,” he said on Twitter.
WhatsApp is used by more than 1.2 billion people around the world and is a key tool for communications and commerce in many countries. The service was acquired by Facebook in 2014 for $19 billion.
Facebook has suffered a string of security-related problems in the last year. The social media company last week disclosed its worst-ever security breach affecting nearly 50 million accounts. Facebook shares were down 1.2 per cent at $155.94 on October 10.