WhatsApp hit by two zero-day flaws — update the app now
Another example of why you need to keep your apps updated
If you have WhatsApp installed on your phone, you should make sure that you’re updated to the latest version. Otherwise you are potentially putting your phone at risk, following the discovery of not one, but two zero-day flaws within the messaging app.
Over the past few days, reports have surfaced (via Naked Security) about the vulnerabilities. The good news is that WhatsApp had already identified and patched the flaws, sending out updates to the appropriate app stores. But the fact these were zero-day flaws means you need to double check that your version of the app is totally up to date.
A zero-day security flaw is, in simple terms, one where hackers have the advantage — exploiting a hole in security before the development team is aware of it. They have had “zero days” to work on fixing a vulnerability before it's discovered by external forces, in other words.
Other flaws are identified by different means, with no evidence that anyone outside the company is aware of them. Both are serious, but the zero-day flaw is arguably the worst of the two since users are very much at risk from bad actors from the get-go.
In this instance both flaws allowed potential remote code execution. As Naked Security puts it, this could allow for bad actors to booby-trap data and force the app to crash. More skilled hackers could potentially exploit the circumstances of a crash to cause other kinds of unauthorized activity. Normally this involves malware or trying to take remote control of the afflicted device.
Bug descriptions suggest that one of the bugs required a call to connect before being triggered. The second one appears as though it could be triggered at other points you might be using WhatsApp.
Similarly, if hackers are able to access your WhatsApp app, it means they can access all your private communications and contacts. That could easily be exploited for a variety of purposes, least of which is selling the information on to others.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Frankly, none of this sounds like a lot of fun. Which is why you should make sure WhatsApp is all up to date. Naked Security notes that anything newer than version 2.22.16.12, on Android and iOS is safe from both these flaws.
Currently the Apple App Store is offering version 2.22.19.78 and Google Play has version 2.22.19.76. In short, both platforms appear to be well past the danger zone — provided you’re running the latest version of the software.
So be sure to go into your respective app store and make sure you don’t have any updates pending. And if there are, get them downloaded pronto.
Read next: A new iOS tool could be a malware nightmare, and this is how iPhone owners can stay safe.
Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.