Alert! New WhatsApp bug crashes app and deletes chat history

Popular chat app WhatsApp has frequently been at the receiving end of bugs and hacks. The cybersecurity researchers at Check Point have recently spotted a vulnerability in the app that can cause WhatsApp to crash simultaneously for multiple users on a shared group.

The vulnerability leads the app to crash in loop forcing users to reinstall the app. But the users would lose the chat history forever. It must be mentioned that WhatsApp allows a maximum of 256 members in a group making it easier for the hackers to comfortably become part of one.

The vulnerability that has since been fixed allows malicious hackers to exploit the platform through WhatsApp Web and a debugging tool like Chrome’s DevTools. The hackers gain access to a specific message parameter and lead to the crashing of the app in loop.

“In WhatsApp there are many important groups with valuable content. If an attacker uses this technique and crashes one of these groups all chat history will be gone and further communication would be impossible. The impact of this vulnerability is potentially tremendous, since WhatsApp is the main communication service for many people. Thus, the bug compromises the availability of the app which is a crucial for our daily activities. In order to recover from the issue, the users have to uninstall WhatsApp, install it again and remove the group which contains the malicious payload,” said the security researchers in the report.

WhatsApp software engineer Ehren Kret said, “Thanks to the responsible submission from Check Point to our bug bounty programme, we quickly resolved this issue for all WhatsApp apps in mid-September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together.”

WhatsApp has fixed the bug starting from its Android version number 2.19.58. Users who are using versions prior to that are advised to update their app to avoid crashing of the app.

 

 

Source by

Leave a Reply

Your email address will not be published. Required fields are marked *