WhatsApp Warns Users About Malicious GIF

Published October 3rd, 2019 - 01:00 GMT
The exploit works well until WhatsApp version 2.19.230.
The exploit works well until WhatsApp version 2.19.230. (Shutterstock)
Highlights
The danger stems from a double-free bug in WhatsApp

A security bug has been found in Facebook-owned WhatsApp that could let attackers obtain access to a device and steal data by sending a malicious GIF file.

{"preview_thumbnail":"https://cdn.flowplayer.com/6684a05f-6468-4ecd-87d5-a748773282a3/i/v-i-7…","video_id":"7c2e50c8-9b5c-4163-9815-21d6d268309b","player_id":"8ca46225-42a2-4245-9c20-7850ae937431","provider":"flowplayer","video":"Top 10 Countries with the Highest Risk of Money Laundry"}

The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.

A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users' device.

According to Awakened's post on GitHub, the flaw resided in WhatsApp's gallery view implementation that is used to generate previews for photographs, videos and GIFs.

All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.

"The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244," wrote the researcher.

The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.

In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.


Copyright © 2021 Khaleej Times. All Rights Reserved.

You may also like