02 October 2019
A new vulnerability has reportedly been found in WhatsApp that could allow attackers to gain access to a device or even steal data by sending a malicious GIF file. According to a report from The Next Web, once the malicious GIF has been sent, the attack could start when the user opens the WhatsApp Gallery. That means the attacker only needs to wait for the user to open the gallery. Once it is open, the flaw could crash the app or, in the worst case, give the attacker access to your files and messages.
The issue is said to have been caused by a double-free vulnerability, a memory corruption issue in which the same block of memory is freed twice, which can crash an app or create an opening for an attacker to compromise its security.
According to the report, the issue has been resolved in a new update, so it’s recommended to update your WhatsApp Messenger app to protect yourself from a possible attack.
The researcher who discovered the flaw, who goes by the name Awakened, mentioned that the exploit seems to primarily affect Android devices.
“The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below. In the older Android versions, double-free could still be triggered. However, […] the app just crashes before reaching to the point that we could control the PC register.”
WhatsApp has also reportedly offered a statement to The Next Web, stating,
“The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could, in theory, occur when the user takes action to send a GIF. The issue would impact their own device. It was reported and quickly addressed last month. We have no reason to believe this affected any users though of course, we are always working to provide the latest security features to our users.”
But the researcher who caught this issue has disputed WhatsApp’s claims and shared a demo with TNW to show how the vulnerability occurs.
Download the latest WhatsApp update.