WhatsApp releases fix for critical iOS bug
If you haven't updated WhatsApp lately, now is the time to do so. The Facebook-owned messaging platform has pushed a fix for the critical security bug on its app for iOS. The vulnerability allows anyone to bypass WhatsApp's biometric lock, but with this release, the problem will be fixed. Here's more on the issue.
Why this update is important
A few days back, Reddit user de_X_ter flagged a major issue in WhatsApp for iOS, a bug that allowed anyone to bypass the messaging app's Touch ID or Face ID lock. The vulnerability triggered whenever someone used WhatsApp Share Extension in any app, allowing them to open the messaging platform (and its content) without any authentication.
Exploitation needed physical device access and specific authentication settings
The issue triggered only when the users had set Face ID or Touch ID authentication kick-in time to 'after 1 minute, after 15 minutes, or after 1 hour'. Also, an attacker would have needed physical access to an iOS device to exploit the bug successfully.
Thankfully, there is an official fix now
The issue risked the privacy of every user who thought their WhatsApp messages were safely locked behind Apple's biometrics-based screen lock. However, the messaging platform, which has over a billion users, was quick to acknowledge the bug and release a fix for plugging the loophole. It comes with version 2.19.22 of the app, which can be installed from Apple's App Store right away.
How to update WhatsApp for iOS?
To install the latest version, head over to App Store on your iOS device and switch to the 'Updates' tab. There, you will find a list of apps ready to be updated, including WhatsApp. Tap the 'Update' button to get its latest version.
No other improvement with this update
The update patches the critical vulnerability, but apart from that, it doesn't appear to offer any improvement into the messaging platform. To recall, WhatsApp introduced Touch ID and Face ID locking capabilities earlier this month, giving users an option to secure their personal messages. Android users are yet to receive the feature.
