Home Tech WhatsApp Patches Vulnerability in Image Filter Function That Could Have Led to...

WhatsApp Patches Vulnerability in Image Filter Function That Could Have Led to Data Exposure


WhatsApp has patched a vulnerability that could allow an attacker to read sensitive information from the app’s memory, including private messages using a specially crafted image. The vulnerability was reported to WhatsApp by cybersecurity firm Check Point Research, and it existed within the image filter function of WhatsApp for Android and WhatsApp Business for Android that allows users to add filters to their images. The Facebook-owned company fixed the security issue after it was reported by Check Point researchers and claimed that there was no evidence that the vulnerability was ever abused.

Called “Out-Of-Bounds read-write vulnerability”, the issue was disclosed to WhatsApp by Check Point Research on November 10, 2020. WhatsApp took some time in fixing the bug and issued a patch in February. It was provided to end users through the version 2.21.1.13 of both WhatsApp for Android and WhatsApp Business for Android apps.

Researchers at Check Point Research were able to discover the vulnerability that is technically a memory corruption issue while looking at the way WhatsApp processes and sends images on its platform. During the research, it was found that the image filter function of the messaging app crashes when it was used with some specially-designed GIF files. That brought the researchers to the point from where they were able to spot the loophole.

According to Check Point Research, the vulnerability could be triggered after a user opens an attachment containing a maliciously crafted image file, tries to apply a filter, and then sends the image with the filter applied back to the attacker. The researchers, thus, noted that hackers would have required “complex steps and extensive user interaction” to exploit the issue.

However, if it could be successfully exploited, the vulnerability is claimed to allow hackers to read sensitive information from WhatsApp memory that include private messages and previously shared images and videos.

“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,” said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, in a prepared statement.

WhatsApp has listed the details of the vulnerability on its security advisories site as CVE-2020-1910. The platform added two new checks on source and filter images to restrict memory access.

“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure,” WhatsApp said in its statement given to Check Point Research. “This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users.”

WhatsApp also recommended its users to keep their apps and operating systems up to date, download updates whenever they’re available, report suspicious messages, and reach out directly to its team if they experience issues using WhatsApp.


Are the Galaxy Z Fold 3 and Z Flip 3 still made for enthusiasts — or are they good enough for everyone? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.



Source link

RELATED ARTICLES

Nokia G50 With Triple Rear Cameras, Snapdragon 480 SoC Launched: Price, Specifications

Nokia G50 was launched on Wednesday as the latest affordable 5G phone by Nokia brand licensee HMD Global. The new Nokia phone comes...

Realme GT Review: An All-Rounder at the Right Price

The Realme GT is currently the most high-end offering in Realme's new GT series of smartphones. I've used this phone for more than...

Pokemon Unite — First MOBA Game in the Franchise — Launched for Android, iOS

Pokemon Unite, the franchise's first multiplayer online battle arena (MOBA) game, has been released for Android and iOS platforms on Wednesday, September 22....

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Ex-Cameroon Striker Samuel Eto Targets Federation Presidency

Samuel Eto captained Cameroon during his playing days and also represented Barcelona.© InstagramSamuel Eto'o is running in December's election for the presidency of...

Chhattisgarh to launch tourism circuit based on Lord Ram’s stay in the state during his exile from Ayodhya

When it comes to places of religious significance and those finding mention in mythological stories, the state of Chhattisgarh has a long list...

Government Likely To Block Chinese Investment In Insurance Giant LIC’s IPO: Report

<!-- -->LIC is considered a strategic asset, commanding more than 60% of India's life insurance market.New Delhi: The Centre wants to block Chinese...

Recent Comments