Technology
New WhatsApp bug may steal files, messages with GIFs
San Francisco, Oct 3
A security bug has been found in Facebook-owned instant messenger WhatsApp that could let attackers to obtain access to a device and steal data by sending a malicious GIF file.
The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.
A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users' device.
According to Awakened's post on GitHub, the flaw resided in WhatsApp's Gallery view implementation that is used to generate previews for photographs, videos and GIFs.
All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.
"The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244," wrote the researcher.
The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.
In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.
The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.
A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users' device.
According to Awakened's post on GitHub, the flaw resided in WhatsApp's Gallery view implementation that is used to generate previews for photographs, videos and GIFs.
All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.
"The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244," wrote the researcher.
The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.
In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.
1 minute ago
Akanksha Ranjan Kapoor shares dreamy pictures from her wedding ceremony with Sharan Sharma
2 minutes ago
Moushumi Chatterjee shares fond memories of playing Sita with Dara Singh in ‘Bajrangbali’
2 minutes ago
Lara Dutta reunites with Priyanka Chopra after 26 years, shares heartwarming pictures from Wimbledon
3 minutes ago
Raveena Tandon shares emotional birthday message for son Ranbirvardhan: ‘My last of your teens’
4 minutes ago
Sunita Ahuja on ‘Lock Upp 2’ exit: ‘My diabetes increased, so I had to leave the game’
5 minutes ago
Trisha tells S Janaki: Thank you for reminding me that the greatest artists are the humblest souls!
5 minutes ago
Venkat Prabhu on iconic singer S Janaki's demise: It's heartbreaking, it's scary!
6 minutes ago
Ananya Panday shares glimpse of her ‘perfect day’ at Wimbledon, reveals her real treat
7 minutes ago
Huma Qureshi reveals the strongest woman in her life, says ‘I met her before any film set’
7 minutes ago
Abishan Jeevinth tells Shiva Rajkumar: Incredibly proud to share screen with you!
8 minutes ago
Sunita Ahuja on ‘Lock Upp 2’: I’m not crazy enough to fight with children
9 minutes ago
Ram Kapoor opens up on being molested in school, says abuser helped him heal
10 minutes ago
Voice that became Kerala's own: S. Janaki passes away at 88
