14 DAY TRIAL // A security vulnerability in WhatsApp for Android and iOS causes the app to completely crash when the target receives a group message.
The so-called “destructive” group chat message can crash WhatsApp for all members of the group, security company Check Point warns, and there’s no way to recover other that uninstalling and reinstalling the application.
Returning to the group chat and restoring the message history is impossible, and the only way to stop the crash loop is to delete the conversation where the message was sent.
The crafted message can be sent from a browser using a debugging tool, and Check Point says that all group messages on both Android and iOS are affected.
Update WhatsApp as soon as possible
The security company reveals that it has already reached out to WhatsApp to report the vulnerability and the Facebook-owned company issued a patch to correct it. Users are recommended to update to the latest version of the app as soon as possible.
On iOS, the WhatsApp version that includes the patch is 2.19.120, while on Android, the latest client version is 2.19.360.
At the time of writing this article, it’s not yet known if this bug has been abused.
WhatsApp is currently the leading instant messaging platform on Android and iOS with approximately 1.5 billion users worldwide. Bugs in the app, however, aren’t something unusual, as Check Point itself has previously discovered similar vulnerabilities that allowed malicious actors to send fake messages.
WhatsApp hasn’t issued a warning on this new discovery, but an immediate update is recommended anyway, especially as a successful exploit would cause the app to crash completely until the group chat is deleted.
A demonstration of the bug is available in this Check Point Research video here.