In a blog post on GitHub, a security researcher by the name “Awakened” has reported that Whatsapp for Android has a “double-free” vulnerability. A “double-free” vulnerability is a memory corruption anomaly that could crash an app, and open up a backdoor that attackers can make use to access your device. This essentially means attackers can use a malicious GIF to access the contents of users’ photo galleries.
“When the user receives the malicious GIF file, nothing will happen until the user opens the WhatsApp Gallery to send a media file to his/her friend,” Awakened wrote in the post. Awakened said he contacted Facebook regarding the bug, who acknowledged and patched it officially in WhatsApp version 2.19.244. He recommends users update to the latest WhatsApp version (2.19.244 or above) to avoid this vulnerability.
WhatsApp confirmed that the bug “was reported and quickly addressed last month. We have no reason to believe this affected any users, though of course we are always working to provide the latest security features to our users.”
Even though WhatsApp claims its communication to be secure, there are many elements that could be exploited by attackers. Users should always exercise caution while downloading content from suspicious senders.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
You will receive weekly cybersecurity news soon!
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.