WhatsApp vulnerability enabled attackers to gain files and message access on Android devices

By Digit NewsDesk | Published on Oct 04 2019
WhatsApp vulnerability enabled attackers to gain files and message access on Android devices

Apple iPhone XR 64GB at Lowest Price Ever

6.1" display | 50% Faster Graphics performance | TrueDepth camera

Click here to know more

HIGHLIGHTS

WhatsApp has patched a vulnerability that could enable hackers to gain access to your files and chats.

The flaw reportedly affected smartphones running on Android 8 and above.

It has now been patched out

WhatsApp has been grappling with its fair share of bugs and issues and a new flaw has now come to light. Before we share any details, we urge you update the app on your Android devices, since the vulnerability we are going to talk about could enable hackers gain access to your files and messages on the app. As per a security researcher with the pseudonym Awakened, a double-free vulnerability in the popular messaging app could crash a device or even enable hackers gain access to your smartphone. First reported by TNW, the bug affects devices running on Android 8 and above, which means iOS users don’t need to worry about this particular bug. 

Before you panic, do note that Facebook was notified of the flaw and the company patched the issue with WhatsApp version 2.19.244. The researcher notes, in a Github blog post, that using just a malicious GIF file, one could trigger a Remote Control Execution (RCE) exploit. This could potentially enable an attacker to proceed in two ways; they could perform local privilege escalation and install a malicious app that can be used to steal files in WhatsApp sandbox, including message database. 

Remote code execution was also possible by exploiting the flaw, which would make use of WhatsApp‘s Gallery view. In an update, WhatsApp told TNW that there’s no reason to believe the flaw affected any users. “The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device.” as per a statement provided by WhatsApp’s spokesperson to TNW. “It was reported and quickly addressed last month. We have no reason to believe this affected any users though of course we are always working to provide the latest security features to our users.”

 

logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.