Data: CASIE
Negative Trigger
that the flaw
was reported
Vulnerability-related.DiscoverVulnerability
to WhatsApp in August, and
has been patched
Vulnerability-related.PatchVulnerability
in the latest version – so you’ll want to check for an update.
Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich
discovered and reported
Vulnerability-related.DiscoverVulnerability
the flaw, a memory heap overflow issue, directly to WhatsApp in August. Now that a fix
is out
Vulnerability-related.PatchVulnerability
,
Silvanovich can
go public
Vulnerability-related.DiscoverVulnerability
with details on the potentially serious flaw.
According to
Silvanovich’s report
Vulnerability-related.DiscoverVulnerability
,
the bug is triggered when a user receives a malformed RTP packet, triggering the corruption error and crashing the application. In practice, the malformed packet that triggers the crash could be sent via a simple call request. “This issue can occur when a WhatsApp user accepts a call from a malicious peer,” Silvanovich explained.
It’s not clear whether the WhatsApp security flaw could
be exploited
Vulnerability-related.DiscoverVulnerability
for remote code execution, but this is a possibility, and a sufficient risk for a fellow Google researcher to
describe
Vulnerability-related.DiscoverVulnerability
it as ‘a big deal.’ “This is a big deal,” tweeted Tavis Ormandy. “Just answering a call from an attacker could completely compromise WhatsApp.”
The same vulnerability
was present in
Vulnerability-related.DiscoverVulnerability
the Android app, which
has also been patched
Vulnerability-related.PatchVulnerability
.
The Register says it is still waiting to hear from Google on more details, for example whether the desktop app
is similarly affected
Vulnerability-related.DiscoverVulnerability
.
It’s not the first time of late that a WhatsApp security issue
has been identified
Vulnerability-related.DiscoverVulnerability
.
Back in August, it
was discovered
Vulnerability-related.DiscoverVulnerability
that it was possible for an attacker to change both the content and the sender of a WhatsApp message after you’ve received it.

WhatsApp
has patched
Vulnerability-related.PatchVulnerability
a vulnerability in its smartphone code that could have
been exploited
Vulnerability-related.DiscoverVulnerability
by miscreants to crash victims' chat app simply by placing a call.
Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich
discovered and reported
Vulnerability-related.DiscoverVulnerability
the flaw, a memory heap overflow issue, directly to WhatsApp in August. Now that a fix
is out
Vulnerability-related.PatchVulnerability
,
Silvanovich
can go public
Vulnerability-related.DiscoverVulnerability
with details on the potentially serious flaw.
According to Silvanovich's report, the bug is triggered when a user receives a malformed RTP packet, triggering the corruption error and crashing the application. In practice, the malformed packet that triggers the crash could be sent via a simple call request. "This issue can occur when a WhatsApp user accepts a call from a malicious peer," Silvanovich explained. "It affects both the Android and iPhone clients." While Silvanovich has not said whether further actions (like remote code execution) would be possible to pull off in the wild, the flaw was serious enough to draw the attention of fellow Google researcher Tavis Ormandy.
Fortunately, as the bug
has been patched
Vulnerability-related.PatchVulnerability
users will be able to
get
Vulnerability-related.PatchVulnerability
a fix for the flaw by
updating
Vulnerability-related.PatchVulnerability
to the latest version of WhatsApp on Android and iOS. We're still waiting to hear from Google or Facebook on more details, such as if the desktop app is affected or if RCE is possible, but its PR team has a lot on today.
The disclosure will add another to the growing list of apps that will need to be updated thanks to October security patches. Earlier today, Microsoft
delivered
Vulnerability-related.PatchVulnerability
its Patch Tuesday security bundle, with Adobe
dropping
Vulnerability-related.PatchVulnerability
its second major patch bundle in as many weeks and Google
having posted
Vulnerability-related.PatchVulnerability
the Android monthly update last week.