If you have WhatsApp installed on your phone, you should make sure that you’re updated to the latest version. Otherwise you are potentially putting your phone at risk, following the discovery of not one, but two zero-day flaws within the messaging app.
Over the past few days, reports have surfaced (via Naked Security) about the vulnerabilities. The good news is that WhatsApp had already identified and patched the flaws, sending out updates to the appropriate app stores. But the fact these were zero-day flaws means you need to double check that your version of the app is totally up to date.
A zero-day security flaw is, in simple terms, one where hackers have the advantage, exploiting a hole in security before the development team is aware of it. In other words, the developers have had “zero days” to work on fixing the vulnerability before it’s discovered by external forces.
Other flaws are identified by different means, with no evidence that anyone outside the company is aware of them. Both are serious, but the zero-day flaw is arguably the worse of the two since users are very much at risk from bad actors from the get-go.
In this instance both flaws allowed potential remote code execution. As Naked Security puts it, this could allow for bad actors to booby-trap data and force the app to crash. More skilled hackers could potentially exploit the circumstances of a crash to cause other kinds of unauthorized activity. Normally this involves malware or trying to take remote control of the afflicted device.
Bug descriptions suggest that one of the bugs required a call to connect before being triggered. The second one appears as though it could be triggered at other points when you might be using WhatsApp.
Similarly, if hackers are able to access your WhatsApp app, it means they can access all your private communications and contacts. That could easily be exploited for a variety of purposes, least of which is selling the information on to others.
Frankly, none of this sounds like a lot of fun. Which is why you should make sure WhatsApp is all up to date. Naked Security notes that anything newer than version 18.104.22.168 on Android and iOS is safe from both of these flaws.
Currently the Apple App Store is offering version 22.214.171.124 and Google Play has version 126.96.36.199. In short, both platforms appear to be well past the danger zone — provided you’re running the latest version of the software.
So be sure to go into your respective app store and make sure you don’t have any updates pending. And if there are, get them downloaded pronto.