Answering a booby-trapped video call via the WhatsApp messaging service could force the app to crash and close, a security expert has found.
The bug was a “big deal” said researcher Tavis Ormandy, who is part of the team that found it.
It was found in the messaging service’s apps used on Android and Apple smartphones.
The software loophole was discovered in late August and fixed in early October, said WhatsApp’s owner Facebook.
Natalie Silvanovich, a member of a team Google set up to hunt for vulnerabilities in widely-used software, discovered the WhatsApp weakness.
The problem exposed by Ms Silvanovich resides in the way the phone apps transport video. By changing packets of data used to do this, it was possible to make the app shut down, she discovered.
The web version of WhatsApp uses a different method for moving video, so is not vulnerable to this bug.
Facebook said it reacted “promptly” to fix the issue once it was identified.
“We routinely engage with security researchers from around the world to ensure WhatsApp remains safe and reliable,” it said.
It added that there was no evidence that the bug was widely known in the malicious hacking world or was exploited to attack WhatsApp users.
The messaging app is used by more than 1.2 billion people around the world.