WhatsApp Vulnerability Compromises Chat Sessions Through Gifs

From Privacy Wiki
Jump to navigation Jump to search
WhatsApp Vulnerability Compromises Chat Sessions Through Gifs
Short Title WhatsApp Double-Free Bug Compromises Chat Sessions And Causes Memory Leaks
Location Global
Date October 2019

Taxonomy Insecurity
Information Computer Device, Communication, Identifying
Threat Actors WhatsApp, Facebook, Google

Individuals
Affected WhatsApp users
High Risk Groups
Secondary Consequences

A bug in Facebook's owned WhatsApp was found to be compromising chat sessions through GIFs.

Description

A vulnerability in WhatsApp that can be used to compromise user chat sessions, files, and messages through malicious GIFs has been disclosed. 

The security flaw is a double-free bug found in WhatsApp for Android in versions below 2.19.244. Insecurity

This vulnerability can cause memory leaking or becoming corrupted, giving attackers the opportunity to overwrite elements. Such errors can lead to memory leaks, crashes, and the execution of arbitrary code, which may result in further violations of personal information of WhatsApp users.

One security researcher who found the issue described the attack was the creation of a malicious GIF file.

Android versions 8.1 and 9.0 are exploitable, but older versions of the operating system - Android 8.0 and below - are not.

It is recommended that WhatsApp users accept automatic updates to their software to stay protected. 

Risk Statistics

Laws and Regulations

Sources

https://www.zdnet.com/article/whatsapp-vulnerability-exploited-through-malicious-gifs-to-hijack-chat-sessions/