Home / Social / WhatsApp Bug Could Have Allowed Hackers to Steal Files, Messages With GIFs: Report

WhatsApp Bug Could Have Allowed Hackers to Steal Files, Messages With GIFs: Report

A security bug was reportedly found in Facebook-owned instant messenger WhatsApp that could let attackers obtain access to a device and steal data by using a malicious GIF file. The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday. WhatsApp said the bug was fixed last month and it had “no reason to believe” that the bug affected anyone.

A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users’ device.

According to Awakened’s post on GitHub, the flaw resided in WhatsApp’s Gallery view implementation that is used to generate previews for photographs, videos and GIFs.

All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.

“The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244,” wrote the researcher.

The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.

In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.

“The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device,” a WhatsApp spokesperson told The Next Web. “It was reported and quickly addressed last month. We have no reason to believe this affected any users though of course we are always working to provide the latest security features to our users.”

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Redmi 8 to Launch in India on October 9, Specifications Allegedly Spotted on Google Play Console

OnePlus TV Receives Its First Software Update Since Launch; Optimises DLNA Music Cast Performance, HDR Content




Source link

Check Also

Facebook Dating Gets Support for Facebook, Instagram Stories

Facebook Dating users can now share Instagram Stories and Facebook Stories to their dating profiles, ...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.