Users of WhatsApp, Facebook’s widely popular messaging app, were encouraged Tuesday to install the latest version to avoid falling victim to a recently detected software bug.
Israeli cybersecurity firm Check Point said its researchers recently detected and then helped to mitigate a vulnerability that could be weaponized against WhatsApp users.
WhatsApp allows users to engage in group chats containing up to 256 participants. Check Point said that it discovered a way for a user to send a malicious message to a group that causes the app on every participant’s mobile device to continuously crash.
Check Point said the only way for a WhatsApp user to recover after being on the receiving end of an attack waged by weaponizing the bug would be to uninstall and reinstall the app.
About 1.5 billion people use WhatsApp, making it one of the most popular messaging apps in the world.
Check Point privately disclosed the bug in late August, and WhatsApp fixed it in an updated version released the following month, both companies said in a statement.
“Because WhatsApp is one of the world’s leading communication channels for consumers, businesses and government agencies, the ability to stop people using WhatsApp and delete valuable information from group chats is a powerful weapon for bad actors,” said Oded Vanunu, Check Point’s head of product vulnerability research. “All WhatsApp users should update to the latest version of the app to protect themselves against this possible attack.”
“WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally,” added Ehren Kret, a software engineer for the app. “Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.