Whatsapp, one of the largest social media platforms owned by Facebook, is found insecure due to a vulnerability discovered around three months ago. All WhatsApp users are very familiar with varieties of GIF images like good morning and good night messages.
Can you ever imagine a single GIF can intrude your phone?
Surprisingly, it became true that a malicious GIF file can insecure your WhatsApp messenger.
The intrude of malicious GIF image is powerful to steal your personal images, conversations and also compromise Android devices.
A security researcher who goes by the online handle ‘Awakened’ discovered a double-free bug (CVE-2019-11932) in WhatsApp for android affecting all versions below 2.19.244.
What is a double-free vulnerability?
A double-free vulnerability is when the free() parameter is called twice on the same value and argument in software. This kind of bug could lead to memory leaking or becoming corrupted and this gives an attacker the chance to overwrite elements or even execute arbitrary code.
How does the bug work?
At the beginning stage when the attacker sends malicious GIFs to the victim it is not vulnerable. It gets activated once the victim simply opens the Whatsapp gallery picker to send any media file to someone.
To exploit this, all the attackers need to do is send a malicious GIF file to android user via any online communication channel and wait for the user to open the image gallery in WhatsApp.
The company representative said that “this issue affects the user on the sender side, meaning the issue could, in theory, occur when the user takes action to send a GIF. The issue would impact their own device.
In the past, WhatsApp was attacked by a Whatsapp Misscall virus which affected the user’s same way creating a headache for WhatsApp.
What happens if your phone is attacked?
If the WhatsApp is attacked by the malicious virus then the memory will be corrupted and the apps will start crashing. This malicious GIF creates a path for hackers to get into your smartphone and steal whatever needed.
Devices under risk?
“The exploit works for Android 8.1 and 9.0, but does not work for Android 8.0 and below,”. The security researcher informed Facebook of their findings.
WhatsApp for iOS is not affected by this vulnerability.
Patch ups to be done?
It is recommended that all the WhatsApp users update their software to the latest version from the play store in order to stay protected.
The developer of the affected GIF library, called Android GIF Drawable, has also released version 1.2.18 of the software to patch the double-free vulnerability.
You may be interested in reading: EX – YAHOO EMPLOYEE SNEAKS INTO 6000 ACCOUNTS FOR SEXUAL CONTENT