Technology
New WhatsApp bug may steal files, messages with GIFs
San Francisco, Oct 3
A security bug has been found in Facebook-owned instant messenger WhatsApp that could let attackers to obtain access to a device and steal data by sending a malicious GIF file.
The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.
A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users' device.
According to Awakened's post on GitHub, the flaw resided in WhatsApp's Gallery view implementation that is used to generate previews for photographs, videos and GIFs.
All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.
"The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244," wrote the researcher.
The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.
In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.
The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.
A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users' device.
According to Awakened's post on GitHub, the flaw resided in WhatsApp's Gallery view implementation that is used to generate previews for photographs, videos and GIFs.
All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.
"The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244," wrote the researcher.
The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.
In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.
15 hours ago
Vietnam boat accident: TN govt extends full support to victims and families
15 hours ago
Kerala couple among 15 Indians killed in Vietnam boat tragedy
16 hours ago
FIFA WC: 'Haaland is unstoppable in the box,' says Vieri ahead of Norway vs England quarterfinal
16 hours ago
FIFA WC: When and where to watch Argentina vs Switzerland, know all details
19 hours ago
Boat carrying Indian tourists capsizes in Vietnam, several killed
21 hours ago
Courtroom drama was on Kajal Aggarwal’s radar for a long time
21 hours ago
Television actor Rohit Chandel arrested for allegedly stalking, harassing a minor
21 hours ago
Matt Damon wants to collaborate with Shekhar Kapur
21 hours ago
India ranks 1st in milk production, 2nd in mobile, 3rd in auto globally: PM Modi in New Zealand
21 hours ago
Onion prices jump in Chennai as Maharashtra supply drops, traders warn of further rise
21 hours ago
FSSAI slaps Swiggy Instamart with 9 notices following consumer complaints
21 hours ago
Sabarimala Tantri designate opts out, cites ill health
21 hours ago
Correct script, pronunciation: Centre issues fresh guidelines for National Song, National Anthem
