Categories: News

WhatsApp new flaw helps hackers in breaching data

A researcher has discovered a flaw in WhatsApp which is allowing hackers to breach the privacy of users and steal their data. The researcher, named “Awakend”, found a double-free bug in the app.

In a double-free bug a file, which is named “free() free()”, will cause memory corruption that can crash applications and make way for hackers by opening a path to steal data. In this case, all the hacker needs to do is modify a GIF to make it malicious, send it to users and wait for them to open the WhatsApp gallery.

The bug is allowing hackers to steal data including messages, video, audio, and other files with the help of a malicious GIF image file. In the month of May, Facebook issued a warning of an attacker. Facebook thought the attacker is a private company working for a government which is taking advantage of a security flaw on WhatsApp to snooping on human right organizations.

Awakend wrote a write up and published that on GitHub, in the article he explains that the issue sits in the view application of WhatsApp gallery. He wrote,

“The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below, in the older Android versions, double-free could still be triggered. However, the app just crashes before reaching the point that we could control the PC register. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to get rid of this bug.”

WhatsApp, while talking to The Next Web, said “that there were no reports of any attacks on users exploiting this vulnerability,” and that “this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device.”

This is not the first time hackers have attacked whatsapp, few months ago a malware attacked the whatsapp user and started replaces popular apps with fake ones and tricks the users, serving them advertisements according to cybersecurity researchers.

Sponsored
AbuBakar

Share
Published by
AbuBakar

Recent Posts

Itel S25 Ultra Fails Durability Test, Raising Concerns

The Itel S25 series, known for its durability and affordability, recently faced scrutiny during a…

9 mins ago

WhatsApp Will No Longer Work on Older Android Phones Starting January 2025

WhatsApp has officially confirmed that, beginning January 1, 2025, it will end support for Android…

13 mins ago

Rs158 Billion Spent on Importing Mobile Phones to Pakistan in the Last Five Months

According to data from the Pakistan Bureau of Statistics (PBS), Pakistan imported mobile phones worth…

2 hours ago

EU Concerns Over Pakistan’s Military Court Sentences May Impact GSP+ Trade Benefits

The European Union (EU) has expressed concern over the recent convictions of 25 civilians by…

2 hours ago

SBP Announces December 25 as a Bank Holiday

The State Bank of Pakistan (SBP) has officially declared Wednesday, December 25, 2024, as a…

3 hours ago

Greentree Holdings Ltd Aims for 35% Stake in TRG Pakistan

AKD Securities, the manager of the offer, informed the main stock exchange on Monday that…

3 hours ago