WhatsApp Critical Privacy Bug Fixed in Latest iOS Update

[MacRumors]

WhatsApp has released version 25.2.3 for iOS devices to patch a significant privacy vulnerability that affected its "View Once" feature. The bug allowed users to access photos and videos that were meant to disappear after a single viewing.

The security flaw, which only impacted iPhone users, allowed anyone to view supposedly ephemeral content by navigating to Settings ➝ Storage and Data ➝ Manage Storage and sorting media by "Newest." This completely bypassed the privacy protection that View Once was designed to provide.

Security researcher Ramshath first documented the vulnerability in a Medium post, prompting WhatsApp to acknowledge the issue and develop a fix. This isn't the first time View Once has faced security challenges – a similar bug was discovered and patched on WhatsApp Web last December.

The latest update also introduces several new features, including the ability to make calls without saving phone numbers first and enhanced group calling capabilities.

Given the privacy implications, WhatsApp users on iOS should update their app immediately through the App Store to ensure their View Once media remains ephemeral as intended. [Direct Link]

Article Link: WhatsApp Critical Privacy Bug Fixed in Latest iOS Update

 

[gleepskip]

What is the practical use case for "view once"?

 

[contacos]

What is the practical use case for "view once"?

I use it a lot to show someone a random meme, screenshot or what I have for dinner. Potentially nudes? (not me, generally speaking). Basically everything I don't need to keep / saved to my camera roll. I wish iMessage had it.

 

[Nicj56]

I barely use the feature, because I don't see the use case for it.

 

[vantelimus]

What is the practical use case for "view once"?

It is for sending any kind of information that should not be saved or stored, like a password or a confidential note. It can be easily defeated by using another device to take a photo of the screen, so it isn't really a great security feature. It seems more useful for sending temporary information, like a one-time code that no one would want to save.

 

[cjsuk]

Have they made it not owned by Meta then?

 

[cjsuk]

What is the practical use case for "view once"?

From the women I know, mostly they seem to receive unwanted pictures of people's dicks with it.

They should turn the feature off.

 

[xander49x]

I stopped using anything made by meta in 2018 #boycottmeta

 

[Havalo]

Mark 2.0 definitely has View More Than Once 😉🤭

 

[UliBaer]

Simply use Signal instead - and spread the word about it!

 

[nikon1]

I stopped using anything made by meta in 2018 #boycottmeta

And, Thankfully, I saw Zuck and his “products” from their introduction and realized I was the real product and never signed on. Same with all the subsequent “offerings” from meta and every other social platform.

F*ckZuck

 

[ATmahe]

Wait ... why is this an issue for me if I don't update WhatsApp?
It's an issue for me if the other side doesn't update ...

 

[Bustycat]

Simply use Signal instead - and spread the word about it!

"WhatsApp uses the Signal Protocol so it's as safe as Signal!"

 

[Unsupported]

What is the practical use case for "view once"?

I use it when I don't want the recipient forwarding it to others.

 

[UliBaer]

"WhatsApp uses the Signal Protocol so it's as safe as Signal!"

But it still isn't Signal and never will be!

Using only the Signal protocol really makes the conversation in itself safe, but harvesting the users contacts and connections is more worth to meta than the content of the conversation. Same with facebook: The content of your page doesn't really matter to them, but your contacts and followers/following (mainly your personal network) are worth pure (advertise-)gold...

 

[aj8690]

The title of this article makes it seem like it was an iOS issue.

 

[svish]

Good to hear that it is fixed. But I have never encountered it as I have never used the feature. Wonder how these bugs make it to the final release.

 

[Sophytaylor6@]

I don't find view once feature useful because few days back I saw a video where it was shown that someone can save the view once media too.

 

[Aves]

What is the practical use case for "view once"?

Nudes.

But I personally use telegram for that.

 

[MS2]

Privacy "bug" in Whatsapp? Really? Privacy in Whatsapp? What reality do you guys live in exactly?
😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂😂
Thats the app that permanently shares your location with Zuckerberg as "debug information" ... privacy bug ... you guys ...

 

[artifex]

But it still isn't Signal and never will be!

Using only the Signal protocol really makes the conversation in itself safe, but harvesting the users contacts and connections is more worth to meta than the content of the conversation. Same with facebook: The content of your page doesn't really matter to them, but your contacts and followers/following (mainly your personal network) are worth pure (advertise-)gold...

I had an unpleasant surprise after someone I knew wanted me to join WA, and suddenly the names of neighbors and other people I don't chat with casually but are in my phone contacts for emergencies suddenly appeared in my WA list. I hastily had to block people. And then a couple of days ago, I checked Facebook for the first time in months and the guy my parents hired to fix something at their house showed up in my suggested contacts, clearly because I'd added him to my phone contacts two weeks ago and WA harvested that for FB.

 

[artifex]

I don't find view once feature useful because few days back I saw a video where it was shown that someone can save the view once media too.

I think this was originally a Snapchat thing, but in Android you've always been able to go into your file directories and look in the subdirectories for these programs and locate and copy out received media. I don't think any of these services encrypt the data at rest on your device, requiring a key from the sender to view.