WhatsApp flaw lets attackers to hack phones using GIFs


A vulnerability was discovered in WhatsApp, that could permit the attackers to obtain access to the device and steal data by just sending a malicious GIF file.

The bug was identified and shared by the security enthusiast, Awakened on Github. The issue is a double-free vulnerability, which is a memory corruption issue that can crash apps or create an opportunity for a hacker to compromise the security of the affected device.

If an attacker sends a malicious GIF to the WhatsApp user, the next time when that users opens their WhatsApp photo gallery, the bug will strike. The users using certain versions of the Android mobile OS are most likely to be affected by the bug.

The exploit works well until WhatsApp version 2.19.230 and the vulnerability is official patched in WhatsApp version 2.19.244.

The exploit worked for Android 8.1 and 9.0, and did not for Android 8.0 and below. It is possible to trigger the double-free in the older Android versions. However, due to the malloc calls by the system after the double-free, the app just crashes before reaching to the point to control the PC register.

WhatsApp confirmed that no users were impacted and that it had resolved the issue in a patch.

Even though this bug impacts only Android devices, Awakened warns all the WhatsApp users to update to latest WhatsApp version (2.19.244 or above) to stay safe from this bug.

The Facebook-owned encrypted messaging service app, is not flawless, and it suffered several other security vulnerabilities in the past. It is time for users to update WhatsApp as early as possible.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    US and Australian hospitals affected by ransomware attacks

    Previous article

    FBI warns about High-Impact Ransomware on US Organizations

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *