A vulnerability was discovered in the system that would allow hackers to exploit malicious GIFs to steal data from users
A new vulnerability in WhatsApp has been discovered that exploits malicious GIFs to compromise sessions, files and user messages. Possible security problems would be relative for Android devices only for users who send and receive GIFs on WhatsAppinv format of moving images widely used in today's chats.
The security flaw, called CVE-2019-11932, a double-free bug which exists in WhatsApp in the image library for Android in all versions prior to 2.19.244. The security loophole was discovered by a "techno and information security enthusiast" of Singapore. A hackers called "Awakened" which has discovered "double-free" ability to allow the bad guys to enter your smartphoneof unsuspecting users through the image gallery.
GIF on WhatsApp, what the vulnerability consists of
Awakened explained that the bug could be activated in two ways.The first way requires that a malicious application is already installed on an Android device and then the app creates a malicious GIF file used to steal files from WhatsApp by collecting library data.
The second attack method requires a user to be exposed to payload of a malicious GIF in WhatsApp as an attachment or through other channels. However, if a GIF is sent directly through the WhatsApp gallery, the attack will fail.
WhatsApp tests the "Messages that disappear"
Put simply, this is a so-called attack on "memory corruption" where the program just crashes and upon his new upload he encounters the code of the infecting hackers who it could be spyware ready to spy on every type of data on the smartphone from the phonebook, to emails not to mention SMS, chat or other. In this case the malicious code could also act autonomously and send images, or indeed GIFs on WhatsApp, to other users without the owner noticing.
What are the devices at risk?
WhatsApp the most widely used messaging platform in the world that connects billions of people every day. The ubiquity of WhatsApp also makes it vulnerable to hacker attacks. WhatsApp has often boasted of the security features of the platform but cases of violations and attacks have been reported. The problem in this circumstance seems to be more limited since the hacker code can only be exploited in the versions ofAndroid 8.1 and 9.0in the version ofWhatsApp 2.19.244.