Automated page speed optimizations for fast site performance
| Risk | Explanation | |------|-------------| | Unpatched video call buffer overflow | An attacker sends a malicious video file via WhatsApp. On KitKat, the bug is unpatched, leading to remote code execution. | | Man-in-the-middle (MITM) on encryption negotiation | Newer TLS 1.3 handshakes may fall back to outdated TLS 1.0, which is breakable. | | Media file spoofing | Outdated image/video parsers can be tricked into executing JavaScript or malware. | | Spyware via backup | Backups to Google Drive remain encrypted, but the local SQLite database on KitKat (no full-disk encryption by default) can be accessed by any malicious app with storage permission. |
Some lighter apps or older versions of other services might still work: Whatsapp Android 4.4.2
🚨
In October 2023, Meta (formerly Facebook) announced that WhatsApp would cease feature updates and security patches for Android 4.4.2 and older versions. The cut-off date was . After that: | Risk | Explanation | |------|-------------| | Unpatched
of WhatsApp.