Saturday December 7, 2019
Home Lead Story WhatsApp Bug ...

WhatsApp Bug May Steal Data by Sending a Malicious GIF File

The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below

0
//
WhatsApp
WhatsApp on a smartphone device. Pixabay

A security bug has been found in Facebook-owned instant messenger WhatsApp that could let attackers to obtain access to a device and steal data by sending a malicious GIF file.

The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.

A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users’ device.

According to Awakened’s post on GitHub, the flaw resided in WhatsApp’s Gallery view implementation that is used to generate previews for photographs, videos and GIFs.

facebook, WhatsApp, stories, feature
Silhouettes of mobile users are seen next to logos of social media apps Signal, Whatsapp and Telegram projected on a screen in this picture illustration. VOA

All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.

“The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244,” wrote the researcher.

Also Read: Indiscriminate and Irrational Use of Resources and Exploitation of Environment

The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.

In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo. (IANS)

Next Story

WhatsApp Reveals its Dark Mode Having Some Hidden Features

According to WABetaInfo, the feature will be initially available for group chats only and can be enabled by the group's administrators. Once enabled, the feature can be toggled in Contact Info or Group Settings

0
facebook, WhatsApp, stories, feature
Silhouettes of mobile users are seen next to logos of social media apps Signal, Whatsapp and Telegram projected on a screen in this picture illustration. VOA

Dark Mode for WhatsApp has been in the news for long and now a new beta update with the build number 2.19.353 has revealed some hidden features which will offer three options for activating the dark mode.

The light theme would offer a white background. Dark theme, as the name suggests, would enable dark mode on WhatsApp, according to WABetaInfo, a fan website that tracks WhatsApp updates.

The third option, which is ‘Set by Battery Saver’, dark mode would be activated only when the smartphone’s battery level drops below a certain point. This third option is said to be available only for smartphones running on Android 9.0 or older.

WhatsApp dark theme comes with a dark grey background and the text highlighted in white colour. Light theme is essentially a lighter version of the dark theme.

whatsapp, paytm, UPI-based Pay service
FILE – The WhatsApp app logo is seen on a smartphone in this picture illustration. VOA

Meanwhile, users will be able to choose between light and dark theme according to their preference.

Recently, WhatsApp beta version 2.19.348 for Android devices was released and it was spotted adding a self-destructing ‘Delete messages’ feature.

Also Read: US Chipmaker Intel Eyes AI on ‘Edge Computing’

Once available, the “Delete Message” feature will come with a toggle on/off button and users can choose a stipulated time — 1 hour, 1 day, 1 week, 1 month or 1 year — for the messages to automatically disappear.

According to WABetaInfo, the feature will be initially available for group chats only and can be enabled by the group’s administrators. Once enabled, the feature can be toggled in Contact Info or Group Settings. (IANS)