Categories: News

WhatsApp new flaw helps hackers in breaching data

A researcher has discovered a flaw in WhatsApp which is allowing hackers to breach the privacy of users and steal their data. The researcher, named “Awakend”, found a double-free bug in the app.

In a double-free bug a file, which is named “free() free()”, will cause memory corruption that can crash applications and make way for hackers by opening a path to steal data. In this case, all the hacker needs to do is modify a GIF to make it malicious, send it to users and wait for them to open the WhatsApp gallery.

The bug is allowing hackers to steal data including messages, video, audio, and other files with the help of a malicious GIF image file. In the month of May, Facebook issued a warning of an attacker. Facebook thought the attacker is a private company working for a government which is taking advantage of a security flaw on WhatsApp to snooping on human right organizations.

Awakend wrote a write up and published that on GitHub, in the article he explains that the issue sits in the view application of WhatsApp gallery. He wrote,

“The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below, in the older Android versions, double-free could still be triggered. However, the app just crashes before reaching the point that we could control the PC register. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to get rid of this bug.”

WhatsApp, while talking to The Next Web, said “that there were no reports of any attacks on users exploiting this vulnerability,” and that “this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device.”

This is not the first time hackers have attacked whatsapp, few months ago a malware attacked the whatsapp user and started replaces popular apps with fake ones and tricks the users, serving them advertisements according to cybersecurity researchers.

Sponsored
AbuBakar

Leave a Comment
Share
Published by
AbuBakar

Recent Posts

Pakistani Passport Continues to Rank Among the Worst in the World

According to the most recent Henley Passport Index, Pakistan's passport is still one of the…

17 hours ago

November 9 Approaches: Will Iqbal Day Be a Public Holiday This Year?

As Iqbal Day approaches on November 9, Pakistan prepares to honor Allama Iqbal, the celebrated…

17 hours ago

Most Wanted Human Trafficker Taken Into Custody

GUJRAT: According to the Gujrat circle of the Federal Investigation Agency (FIA), they have arrested…

18 hours ago

Air Sial Starts Weekly Flights from Islamabad to Riyadh

Air Sial, one of Pakistan's leading private airlines, has officially launched its weekly flights from…

18 hours ago

Important Update on Profit Rates for Savings Schemes 

On Friday, the government stated that from November 4th, 2024, profit rates on National Savings…

20 hours ago

Pakistan to Legalize Bitcoin and Cryptocurrency Through SBP Act Amendments?

The federal government has proposed amendments to the State Bank of Pakistan (SBP) Act aimed…

20 hours ago