However, he noted, exploitation of the flaw allows remote copying of up to 150MB of data from the app’s heap memory, which, if it includes text messages, “can present a serious concern.
Beware of clone apps
“From a CISO/CSO perspective, the use of clone apps should be discouraged unless there is a very specific reason for such usage,” he added. “The main reason is that as the audience grows smaller, these clone applications do not get nearly enough attention from their developers, increasing risks of zero day and other vulnerabilities.”
“Finally,” he said, “remind users to not re-use logins/passwords and limit information shared in text apps to non-confidential information.”
