A vulnerability was discovered in WhatsApp that could allow attackers to gain access to a device and steal data just by sending a malicious GIF file.
The bug was identified and shared on GitHub by the security enthusiast Awakened. The issue is a double-free vulnerability, a memory corruption bug that can crash apps or create an opportunity for an attacker to compromise the security of the affected device.
If an attacker sends a malicious GIF to a WhatsApp user, the bug is triggered the next time that user opens their WhatsApp photo gallery. Users on certain versions of the Android mobile OS are most likely to be affected by the bug.
The exploit works well up to WhatsApp version 2.19.230, and the vulnerability is officially patched in WhatsApp version 2.19.244.
The exploit worked on Android 8.1 and 9.0, but not on Android 8.0 and below. It is still possible to trigger the double-free on the older Android versions; however, because of the malloc calls made by the system after the double-free, the app simply crashes before reaching the point where the PC register can be controlled.
WhatsApp confirmed that no users were impacted and that it had resolved the issue in a patch.
Even though this bug affects only Android devices, Awakened warns all WhatsApp users to update to the latest WhatsApp version (2.19.244 or above) to stay safe from this bug.
The Facebook-owned encrypted messaging app is not flawless, and it has suffered several other security vulnerabilities in the past. Users should update WhatsApp as early as possible.
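For anyone managing more than one device, the version facts above can be turned into a quick inventory triage. The following is an added example, not code from Awakened or WhatsApp; the device ids, field names and status labels are hypothetical, and it assumes every WhatsApp build below 2.19.244 is unpatched.

```python
# Added example: triage logic built only from the version facts in the article.
PATCHED_WHATSAPP = (2, 19, 244)               # first fixed release per the article
EXPLOIT_CONFIRMED_ANDROID = {(8, 1), (9, 0)}  # exploit reported working here
CRASH_ONLY_MAX_ANDROID = (8, 0)               # double-free triggers, app only crashes


def parse_version(text, width):
    """Parse '8.1.0' -> (8, 1, 0), zero-padded to at least `width` components."""
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (width - len(parts))
    return tuple(parts)


def triage(whatsapp_version, android_version):
    """Return 'patched', 'exploitable', 'crash-only' or 'unverified'."""
    if parse_version(whatsapp_version, 3) >= PATCHED_WHATSAPP:
        return "patched"
    android = parse_version(android_version, 2)[:2]  # compare major.minor only
    if android in EXPLOIT_CONFIRMED_ANDROID:
        return "exploitable"
    if android <= CRASH_ONLY_MAX_ANDROID:
        return "crash-only"
    return "unverified"  # the article reports no result for this Android release


def triage_inventory(devices):
    """Group device ids by triage result; malformed records go to 'invalid'."""
    report = {}
    for dev in devices:
        try:
            status = triage(dev["whatsapp"], dev["android"])
        except (KeyError, ValueError, AttributeError):
            status = "invalid"
        report.setdefault(status, []).append(dev.get("id", "?"))
    return report


# Constructed sample inventory (hypothetical device ids and field names).
SAMPLE = [
    {"id": "dev-01", "whatsapp": "2.19.230", "android": "9"},
    {"id": "dev-02", "whatsapp": "2.19.244", "android": "8.1.0"},
    {"id": "dev-03", "whatsapp": "2.19.150", "android": "7.1.2"},
    {"id": "dev-04", "whatsapp": "2.19.230", "android": "10"},
    {"id": "dev-05", "whatsapp": "unknown", "android": "9"},
]

if __name__ == "__main__":
    for status, ids in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status:12} {', '.join(ids)}")
```

Every status other than "patched" still calls for an update to 2.19.244 or above; the labels only order the work.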