Wednesday October 16, 2019
Home Lead Story WhatsApp Bug ...

WhatsApp Bug May Steal Data by Sending a Malicious GIF File

The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below

0
//
WhatsApp
WhatsApp on a smartphone device.

A security bug has been found in Facebook-owned instant messenger WhatsApp that could let attackers to obtain access to a device and steal data by sending a malicious GIF file.

The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.

A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users’ device.

According to Awakened’s post on GitHub, the flaw resided in WhatsApp’s Gallery view implementation that is used to generate previews for photographs, videos and GIFs.

facebook, WhatsApp, stories, feature
Silhouettes of mobile users are seen next to logos of social media apps Signal, Whatsapp and Telegram projected on a screen in this picture illustration. VOA

All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.

“The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244,” wrote the researcher.

Also Read: Indiscriminate and Irrational Use of Resources and Exploitation of Environment

The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.

In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo. (IANS)

Next Story

WhatsApp Now Back on Google Play Store After its Sudden Disappearance

Due to the sudden disappearance, those who were looking to join WhatsApp for the first time were not able to install it via the Play Store

0
whatsapp, paytm, UPI-based Pay service
FILE - The WhatsApp app logo is seen on a smartphone in this picture illustration. VOA

Facebook-owned WhatsApp on Saturday confirmed that the app was now back on the Google App store after its sudden disappearance.

New users’ can download the app on Android phones by just typing WhatsApp on the search box of Google Play Store.

Unfortunately, the reason for the short absence remains unclear.

WhatsApp
WhatsApp on a smartphone device.

Users on Friday reported that the Facebook-owned instant chat messenger app disappeared from the Google Play Store.

Also Read: Microsoft Planning to Launch a New Keyboard with Emoji Menu

Due to the sudden disappearance, those who were looking to join WhatsApp for the first time were not able to install it via the Play Store. (IANS)