WhatsApp users are being urged to update the app to protect against a dangerous attack that exploits a security vulnerability.
WhatsApp recently fixed a security vulnerability in its Android applications after a security researcher reported the issue almost three months ago.
The researcher, who goes by the name Awakened, reported that the vulnerability could have allowed hackers to compromise Android devices remotely and steal files and chat messages. Tracked as CVE-2019-11932, the vulnerability is a double-free memory corruption bug in the open-source GIF image library that WhatsApp uses to generate previews for videos, images, and GIFs.
For those unfamiliar with the term, a double-free vulnerability is a memory corruption bug in which a program frees the same block of memory twice. It can crash an app or, in a worse case, open up an exploit vector that attackers can abuse to gain access to your device. All it takes to perform the attack is to craft a malicious GIF and wait for the user to open the WhatsApp gallery.
Awakened stated that the flaw allows attackers to execute arbitrary code on targeted devices. To exploit it, an attacker needs to send a specially crafted malicious GIF aimed at Android users. The malware triggers when the user opens the image in WhatsApp.
“The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below. In the older Android versions, double-free could still be triggered. However, the app just crashes before reaching the point that we could control the PC register.”
“Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to get rid of this bug,” the researcher added.
Today GIFs, the short looping clips, are everywhere: on social media, on message boards, and in chats, where they help users express their emotions, make people laugh, and relive a highlight.
Therefore, to protect yourself against any exploit of this security vulnerability, you should update WhatsApp to the latest version from the Google Play Store as soon as possible.
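For anyone responsible for more than one handset, the version guidance above can be applied to a device inventory. The following is an added example, not code from WhatsApp or the researcher; the inventory rows, device names and function names are constructed for illustration, and it assumes the WhatsApp and Android version strings have already been collected (for instance from an MDM export).

```python
import re

PATCHED = (2, 19, 244)            # first fixed WhatsApp version, per the researcher
EXPLOIT_WORKS = {(8, 1), (9, 0)}  # Android releases where the exploit is reported to work

def parse_version(text):
    """Turn '2.19.230' into (2, 19, 230); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def pad(version, width):
    """Right-pad with zeros so '9' compares as 9.0 and '2.20' as 2.20.0."""
    return version + (0,) * (width - len(version))

def triage(whatsapp_version, android_version):
    """Classify one device using only the facts stated in the article."""
    # Numeric tuple comparison: a string compare would wrongly rank 2.19.30 above 2.19.244.
    if pad(parse_version(whatsapp_version), 3) >= PATCHED:
        return "patched"
    os_version = pad(parse_version(android_version), 2)[:2]
    if os_version in EXPLOIT_WORKS:
        return "update-now: code execution reported"
    if os_version <= (8, 0):
        return "update: double-free still crashes the app"
    return "update: vulnerable app, exploitability not stated"

def triage_fleet(rows):
    """Map device name -> triage result for (name, whatsapp, android) rows."""
    return {name: triage(app, os_ver) for name, app, os_ver in rows}

# Constructed sample inventory (hypothetical devices and versions).
INVENTORY = [
    ("dev-01", "2.19.230", "9"),
    ("dev-02", "2.19.244", "8.1.0"),
    ("dev-03", "2.19.98", "8.0.0"),
    ("dev-04", "2.19.30", "8.1.0"),
    ("dev-05", "2.19.216", "10"),
]

if __name__ == "__main__":
    for device, result in triage_fleet(INVENTORY).items():
        print(f"{device}: {result}")
```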
WhatsApp for iOS is not affected by this vulnerability. However, since the flaw resides in an open-source library, any other Android app using the same affected library could also be vulnerable to similar attacks.
This is not the first time that the Facebook-owned app has dealt with such vulnerabilities in its software. Recently, Symantec’s Modern OS Security team discovered a flaw affecting WhatsApp accounts on Android devices. The flaw allows malicious attackers to manipulate and expose media files in WhatsApp.
The security flaw, dubbed Media File Jacking, was reported by Symantec to affect WhatsApp for Android by default if certain features were enabled. If exploited, the flaw allows attackers to misuse and manipulate sensitive information such as personal photos and videos, corporate documents, invoices, and voice memos.