security flaw confirmed in whatsapp

The encrypted WhatsApp messaging platform is not flawless, and this year several studies have revealed vulnerabilities in the app that attackers can exploit or leave users open to damaging effects. These faults included advanced nation-state attacks, targeted hacking and functionality that was misleading.

A new bug has now been revealed allowing an attacker to use a malicious GIF image file to open a weakness in WhatsApp and possibly access the material of the user. Awakened on Github, with a comprehensive explanation of how it operates, recognized and communicated the bug by “technologist and data safety enthusiast.”

It’s complex— but basically the bug depends on an attacker pushing through any channel the malicious GIF file to the device of the victim. WhatsApp, email or any other communication platform could be that.

With the GIF on the phone, the hack triggers and the computer and its contents become possibly susceptible when the victim opens the WhatsApp gallery to send any image— not necessarily the malicious one.

“WhatsApp users,” warns Awakened in his blog, “kindly update the recent version of WhatsApp (2.19.244 or higher) to keep this bug secure.”

From a technical point of view, the attack is based on a so-called double-free bug, where the same memory address is called twice on the machine, pushing memory allocation into an unexpected spin, either crashing the app or opening the vulnerability.

Replicating an attack using the bug doesn’t seem to be completely reliable, affecting distinct versions of operating system software in distinct respects, but a bug is a bug that can be created and extended once recognized.

WhatsApp said in a declaration to The Next Web that there were no reports of any assaults on customers exploiting this vulnerability, and that “this problem impacts the user on the sender side, which means that the problem could theoretically arise when the user takes action to send a GIF. The problem would have an effect on their own device.

As then pointed out by Awakened, “I would say the above assertion is incorrect. The spokesman must have misunderstood the issue. “What he means is that while some action is required on the side of the victim— opening the gallery within WhatsApp,

this is a run of the operation of the factory and not one that would raise suspicion. The vulnerability can be utilized as long as the attacker has placed the picture on the device— through any channel.

WhatsApp also revealed to TNW that last month the bug had been reported and resolved rapidly. We have no reason to think that any customers influenced this, but of course we always work to provide our customers with the recent safety characteristics.

The bug has been recognized and patched— the specifics of how it is now being utilized less than making sure customers update to the recent version of the app. And while this only seems to have an effect on Android devices, it’s universal advice to update. Once a vulnerability hits the government domain,

there is always a danger that it will be used— would-be attackers are well conscious of the inertia that many consumers see applications updated for information safety much more sporadically than healthy.

This is another timely reminder for WhatsApp and “secure” messaging in particular that nothing is ever 100% safe and secure, exploits have been discovered and used. For this, there is no silver bullet except to exercise caution with what is installed and downloaded, and to keep updated systems and applications.

Video Credit : thenextweb

Also Read:-

WhatsApp will take legal action if you send bulk messages to your contacts, misuse app


Please enter your comment!
Please enter your name here