This is what was discovered byNatalie Silvanovich, a security researcher with Googles Project Zero security research team.
Silvanovich reported the vulnerability to WhatsApp at the end of August this year.
The vulnerability is a memory heap overflow issue.
In other words, it is a memory corruption bug in WhatsApps non-WebRTC video conferencing implementation.
It affects both the Android and iPhone clients.
Silvanovich also published proof-of-concept code, along with instructions for reproducing the WhatsApp attack.
The vulnerability only affects Android and iOS apps, since they use the RTP for video conferencing.
On the other hand, WhatsApp Web that depends on WebRTC for video calls was unaffected.
This is a big deal.
Just answering a call from an attacker could completely compromise WhatsApp, Ormandy said.
source: www.techworm.net
