WhatsApp flaw could permanently crash app: What to do now [Update]

(Image credit: Facebook)

Update 11:57 am ET: We have added a statement from WhatsApp

Attention all WhatsApp users: Make sure the version installed on your phone is fully up-to-date. 

There's a flaw in older versions of WhatsApp that could put the app in an endless crash loop that would force you to delete and reinstall the software, possibly losing all your chat history in group chats.

The researchers at Israeli security firm Check Point who discovered the flaw said an attacker would only have to send a specially crafted malicious message from the WhatsApp Web desktop client to a group chat. The message would crash WhatsApp for all mobile users participating in that chat. 

If an affected user tried to restart WhatsApp, the mobile app would crash again. The only remedy would be to uninstall WhatsApp and reinstall it. The affected group chat might need to be permanently deleted. 

On the upside, this flaw does not create a security or privacy risk. It's a simple denial-of-service attack. Your WhatsApp messages will not be exposed or compromised. 

Check Point submitted the flaw to WhatsApp's bug-bounty program in August, and a fix was pushed out over the air to mobile users in September.

To make sure you're up to date, update your WhatsApp mobile app to the most recent version available for your device. Here's how. Apple iPhone users should be at version 2.19.58 or later; Android versions will vary by device, but the most recent version of WhatsApp for Android is 2.19.368. 

WhatsApp provided the following statement to Tom's Guide, attributed to WhatsApp software engineer Ehren Kret:

“WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together.”

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

TOPICS