According to the firm, this flaw involves how a single user in a group chat could create a situation in which it would cause the app to continuously crash where the only recourse would be to uninstall and reinstall the app again. It would also result in group members from rejoining the chat and it would also essentially cause them to lose all history of the chat.
The flaw is exploited by editing specific message parameters using WhatsApp’s web interface and a browser’s debugging tool. Thankfully, this flaw was discovered back in August where WhatsApp soon patched it not too long after in September as of version 2.19.58. It is safe to assume that most users would have updated the app by now, but in case you are running an older version of the app, it might be a good time to update it now.
We have yet to hear of the flaw being exploited in the wild, but it’s always a good idea to keep yourself and your apps up to date with the latest patches.
WhatsApp Software Engineer, Ehren Kret Has also since provided us with a statement that reads, “WhatsApp greatly values the work of the technology community to help us maintain strong security for our users globally. Thanks to the responsible submission from Check Point to our bug bounty program, we quickly resolved this issue for all WhatsApp apps in mid September. We have also recently added new controls to prevent people from being added to unwanted groups to avoid communication with untrusted parties all together.”