WhatsApp has patched a vulnerability in its image filter function that puts your security at risk. The vulnerability could allow hackers to steal your sensitive information including private messages using a specially crafted image. A cybersecurity firm Check Point Research has reported this vulnerability to WhatsApp. It existed within the image filter function of WhatsApp for Android and WhatsApp Business for Android.
On the other hand, WhatsApp has now fixed the security issue and claimed that there was no evidence that the vulnerability was ever abused. The loophole was reported on November 10, 2020, called “Out-Of-Bounds read-write vulnerability”. WhatsApp took some time in fixing the bug and issued a patch in February. It was provided to end-users through version 22.214.171.124 of both WhatsApp for Android and WhatsApp Business for Android apps.
WhatsApp Patches Vulnerability in Image Filter Function Put Your Security at Risk
Researchers at Check Point Research discover the vulnerability that is technically a memory corruption issue while looking at the way WhatsApp processes and sends images on its platform. During the research, it was found that the image filter function of the messaging app crashes when it was used with some specially-designed GIF files. That brought the researchers to the point from where they were able to spot the loophole.
According to Check Point Research, the vulnerability could be triggered after a user opens an attachment containing a maliciously crafted image file. It then tries to apply a filter, and then sends the image with the filter applied back to the attacker. The researchers noted that hackers would have required “complex steps and extensive user interaction” to exploit the issue.
However, if it could be successfully exploited, the vulnerability is claimed to allow hackers to read sensitive information from WhatsApp memory. It could be your private messages and previously shared images and videos.
“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,”
said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point.
WhatsApp has listed the details of the vulnerability on its security advisories site as CVE-2020-1910. The platform added two new checks on source and filter images to restrict memory access.
“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure. This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users.”
WhatsApp also recommended its users keep their apps and operating systems up to date. It is better to download updates whenever they’re available. If you found any suspicious messages immediately report them. If you experience any such issue, you can directly contact its team.