Malicious GIFs can Hack WhatsApp Chats

hack

Malicious GIFs can hack WhatsApp chats and compromise sensitive, private information. User chat sessions, files, and messages are vulnerable to this malicious GIF.

Called as CVE-2019-11932, this security flaw is basically a double-free bug in all WhatsApp for Android versions below 2.19.244.

When the free() parameter is called twice on the same value & argument in software, a double-free vulnerability occurs. A bug of this kind can lead to leakage of memory and get corrupted. This allows the attacker to overwrite elements and even execute arbitrary code.

Must read: WhatsApp tests ‘Disappearing Messages’ Feature

A researcher who goes by the handle “Awakened” discovered the WhatsApp vulnerability.

Awakened explained that the bug can be activated in two ways. In the first way, a malicious app is already installed on an Android device and then the app creates a malicious GIF file that collects library data to steal files from WhatsApp.

The second attack method needs a user to be exposed to a malicious GIF’s payload in WhatsApp by an attachment or via other channels. On the other hand, if a GIF is sent directly via the Gallery Picker of WhatsApp, the attack will not work.

Leave a Reply

Your email address will not be published. Required fields are marked *