Technology
New WhatsApp bug may steal files, messages with GIFs
San Francisco, Oct 3
A security bug has been found in Facebook-owned instant messenger WhatsApp that could let attackers to obtain access to a device and steal data by sending a malicious GIF file.
The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.
A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users' device.
According to Awakened's post on GitHub, the flaw resided in WhatsApp's Gallery view implementation that is used to generate previews for photographs, videos and GIFs.
All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.
"The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244," wrote the researcher.
The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.
In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.
The danger stems from a double-free bug in WhatsApp, according to a researcher going by the nickname Awakened, The Next Web reported on Wednesday.
A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users' device.
According to Awakened's post on GitHub, the flaw resided in WhatsApp's Gallery view implementation that is used to generate previews for photographs, videos and GIFs.
All it takes to perform the attack is to craft a malicious GIF, and wait for the user to open the WhatsApp gallery, the report added.
"The exploit works well until WhatsApp version 2.19.230. The vulnerability is officially patched in WhatsApp version 2.19.244," wrote the researcher.
The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.
In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.
12 hours ago
IPC Houston Fellowship Announces Annual Convention.
14 hours ago
24 News Channel in the forefront to help the revival of Wayanad after landslide tragedy
16 hours ago
Indian Diaspora Excited to Welcome Prime Minister Modi Ahead of U.S. Visit
16 hours ago
Biden Administration Rapidly Allocating Climate Funds as Trump Vows to Cut Them
17 hours ago
Tesla, SpaceX, and X Employees Donate to Harris While Musk Supports Trump
17 hours ago
Biden to Meet Zelenskyy Next Week to Discuss Ukraine War, Says White House
17 hours ago
Woman sentenced to death for blasphemy in Pakistan amid ongoing human rights concerns
17 hours ago
Congress insults India on foreign land, is run by Tukde-Tukde gang, urban naxals": PM Modi
17 hours ago
Hollywood A-listers back Kamala Harris during Oprah show ahead of US polls
17 hours ago
Trump and Republicans Claim Non-Citizen Voting in U.S. Election, Raising Concerns
18 hours ago
Himachal govt to hand over Jangi Thopan Powari hydro project to state power corporation
19 hours ago
Rajasthan govt's amnesty scheme for miners
19 hours ago
India to see 35 lakh weddings from November-mid December, gold demand to surge