A researcher has discovered a flaw in WhatsApp which is allowing hackers to breach the privacy of users and steal their data. The researcher, named “Awakend”, found a double-free bug in the app.
In a double-free bug a file, which is named “free() free()”, will cause memory corruption that can crash applications and make way for hackers by opening a path to steal data. In this case, all the hacker needs to do is modify a GIF to make it malicious, send it to users and wait for them to open the WhatsApp gallery.
The bug is allowing hackers to steal data including messages, video, audio, and other files with the help of a malicious GIF image file. In the month of May, Facebook issued a warning of an attacker. Facebook thought the attacker is a private company working for a government which is taking advantage of a security flaw on WhatsApp to snooping on human right organizations.
Awakend wrote a write up and published that on GitHub, in the article he explains that the issue sits in the view application of WhatsApp gallery. He wrote,
“The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below, in the older Android versions, double-free could still be triggered. However, the app just crashes before reaching the point that we could control the PC register. Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to get rid of this bug.”
WhatsApp, while talking to The Next Web, said “that there were no reports of any attacks on users exploiting this vulnerability,” and that “this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device.”
This is not the first time hackers have attacked whatsapp, few months ago a malware attacked the whatsapp user and started replaces popular apps with fake ones and tricks the users, serving them advertisements according to cybersecurity researchers.
Apple is reportedly preparing for a significant design overhaul with its iPhone 17 series, blending…
Karachi: A private school in Karachi has unveiled Pakistan’s first AI-powered teacher, a groundbreaking move…
Third-party apps have long been a staple of the Android ecosystem, but their appeal has…
ISLAMABAD: The Competition Commission of Pakistan (CCP) has completed its Phase-II review of Pakistan Telecommunication…
Xiaomi has shattered records by producing 100,000 vehicles in just 230 days. This is nearly…
OpenAI, in collaboration with nonprofit organization Common Sense Media, announced on Wednesday the launch of…