Alert: Don't send GIFs via WhatsApp, till you update it
What's the story
A new vulnerability has been discovered in WhatsApp which allows hackers to gain access to your files and messages by leveraging malicious GIFs. In a technical write-up on Github, a Singapore-based researcher has explained the flaw, noting that the security flaw arises from a double-free bug in WhatsApp. However, the vulnerability has been addressed by the company in version 2.19.244.
Information
What is a double-free bug?
For the uninitiated, a double-free bug refers to a memory corruption issue that can cause the program to crash or, in some cases, open up an exploit vector that hackers can abuse to obtain access to your device without your knowledge.
Modus operandi
Here's how WhatsApp's double-bug puts your phone at risk
The WhatsApp double bug vulnerability can be exploited by sending a malicious GIF file to a user via any channel. Once the GIF is on the phone, the attack gets triggered as soon as the user opens WhatsApp's media gallery. Since WhatsApp shows previews of every media (including the malicious GIF), it will set-off the double-free bug and place the Remote Code Execution exploit.
Concerns
Primarily, the vulnerability seems to affect Android devices
According to the researcher, the exploit "works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below." "In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register," he noted.
Information
What should you do?
As it turns out, the company has acknowledged the vulnerability and patched it officially in WhatsApp version 2.19.244. So, to secure your device, all you need to do is update your WhatsApp app.