14th May 2019 – A security vulnerability has been discovered in WhatsApp, which may allow an attacker to access private messages.
The good news is that an update has been released by parent company, Facebook to solve the issue. The update is quick and easy and is available for iPhones, Samsung, Huawei and other popular models.
The attack is delivered using what is called the ‘buffer overflow’ technique, whereby there is more data sent than the buffer (an allocated amount of memory) can handle in one go. The data overflows to an adjacent storage location on the device and, once there, malicious code can trigger an action. The code is believed to be delivered via a voice call and can even cover its tracks by removing evidence of the call which delivered the malicious code.
While WhatsApp messages are encrypted end-to-end (during transit between devices), the messages are decrypted once they land on the recipient device, so malicious code like this could potentially access these messages.
It’s a good idea to keep your phone up to date, don’t delay updating key apps or iOS. You can even set your iPhone to auto-update, go to Settings -> iTunes & App Store -> Automatic Downloads -> Updates