A malicious GIF can be used to compromise WhatsApp chats and expose sensitive, private information. User chat sessions, files, and messages are all at risk from this attack.
Tracked as CVE-2019-11932, this security flaw is a double-free bug affecting all WhatsApp for Android versions below 2.19.244.
A double-free vulnerability occurs when software calls the free() function twice on the same value, that is, the same pointer argument. A bug of this kind can lead to a memory leak or to memory corruption. This allows the attacker to overwrite elements and even execute arbitrary code.
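The double-free pattern described above and its usual fix, as an added C example that is not taken from WhatsApp or from the researcher's write-up. The `decoder` struct, the `checked_alloc`/`checked_free` tracking wrappers and the two-frame scenario are constructed for illustration; the repeated free is detected and refused rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_LIVE 16
static void *live[MAX_LIVE];           /* addresses currently allocated */

/* malloc() that records the returned address as live. */
static void *checked_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                           /* malloc failed or table full */
    return NULL;
}

/* free() that refuses addresses that are not live. Returns -1 on a double free. */
static int checked_free(void *p) {
    if (!p) return 0;                  /* free(NULL) is a defined no-op */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;                         /* stale address: not passed to free() */
}

typedef struct { unsigned char *raster; } decoder;   /* hypothetical decoder state */
/* Vulnerable: buffer is released, but d->raster keeps the stale address. */
static int end_frame_vulnerable(decoder *d) {
    return checked_free(d->raster);
}

/* Hardened: clear the owning pointer so a repeated release is a no-op. */
static int end_frame_hardened(decoder *d) {
    int rc = checked_free(d->raster);
    d->raster = NULL;
    return rc;
}

/* Release the same buffer on two consecutive frames; count refused frees. */
static int run(int (*end_frame)(decoder *)) {
    decoder d = { checked_alloc(64) };
    int refused = 0;
    if (!d.raster) return -1;
    for (int frame = 0; frame < 2; frame++)
        if (end_frame(&d) != 0) refused++;
    return refused;
}
int count_vulnerable(void) { return run(end_frame_vulnerable); }
int count_hardened(void)   { return run(end_frame_hardened); }
int main(void) {
    printf("vulnerable: %d, hardened: %d\n", count_vulnerable(), count_hardened());
}
```

With plain `free()` in place of `checked_free()`, the second release in the vulnerable path would hand an already-freed chunk back to the allocator, which is the memory-corruption condition the paragraph describes.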
A researcher who goes by the handle “Awakened” discovered the WhatsApp vulnerability.
Awakened explained that the bug can be triggered in two ways. In the first, a malicious app is already installed on the Android device, and that app creates a malicious GIF file that collects library data in order to steal files from WhatsApp.
The second attack method requires the user to be exposed to a malicious GIF's payload in WhatsApp, either through an attachment or via other channels. If, however, a GIF is sent directly via WhatsApp's Gallery Picker, the attack will not work.