EXCITING NEWS: TNG WhatsApp Channel is LIVE…
Subscribe for FREE to get LIVE NEWS UPDATE. Click here to subscribe!
A researcher has discovered a vulnerability in WhatsApp that could make it possible for attackers to gain access to your files and messages using malicious GIFs.
The danger stems from a double-free bug in WhatsApp, according to the researcher going by the nickname Awakened.
A double-free vulnerability refers to a memory corruption anomaly that could crash an app, or worse, open up an exploit vector that attackers can abuse to obtain access to your device.
All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery.
In a technical write-up on GitHub, the researcher explained that the flaw resided in WhatsApp‘s Gallery view implementation, which is used to generate previews for images, videos, and GIFs.
“The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below.
“In the older Android versions, double-free could still be triggered. However, […] the app just crashes before reaching to the point that we could control the PC register,” Awakened stated.
The researcher has already notified Facebook of this shortcoming, and the company has since fixed the issue. To protect yourself against the exploit, you should download the latest version of the app.
However, a WhatsApp spokesperson has since addressed the GIF vulnerability, saying that the company has no reason to believe the bug affected any users.
“The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device.
“It was reported and quickly addressed last month. We have no reason to believe this affected any users though of course we are always working to provide the latest security features to our users,” the WhatsApp spokesperson stated.