WhatsApp has patched a vulnerability to s users to add filters to their images. The Facebook-owned company issue after it was reported by Check Point researchers and claimed no evidence that the vulnerability was ever abused. Called “Out-Of-Bounds read-write vulnerability”, the case was disclosed to WhatsApp by Check Point Research on November 10, 2020.app’s memory, including private messages using a specially crafted image. The vulnerability was reported to WhatsApp by cybersecurity firm Check . It exists within the image filter function of WhatsApp for Android and WhatsApp Business for Android, allowing
WhatsApp took some time toand issued a patch in February. It was provided to end-users through version 220.127.116.11 of WhatsApp for . Researchers at Check Point Research discovered the vulnerability that is technically a memory corruption issue while looking at how on its platform. During the research, it was found that the image filter function of the crashed when it was used with some specially-designed GIF files. That brought the researchers to the point where they could spot the loophole.
According to Check Point Research, the vulnerability could be triggered after a user opens an attachment containing a maliciously crafted image file, tries to apply a filter, and then sends the image with the filter used back to the attacker. The researchers, thus, noted that hackers would haveinteraction” to exploit the issue. However, suppose it could be successfully used. In that case, the vulnerability allows hackers to read sensitive information from WhatsApp memory, including private .
“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, which was cooperative and collaborative in issuing a fix. The result of ouris a safer WhatsApp for users worldwide,” said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, in a prepared statement. WhatsApp has listed the vulnerability details on its security advisories site as CVE-2020-1910. The platform added two new checks on source and filter images to restrict memory access.
“People should not doubt thatcontinues to work as intended and people’s messages remain safe and secure,” WhatsApp said in its statement to Check Point Research. “This would have needed to take, and we have no reason to believe users would this bug would have impacted users even the most complex scenarios researchers identify can help increase user security.” WhatsApp also recommends its users keep their , download updates whenever they’re available, report suspicious messages, and reach out directly to its team if they experience issues using WhatsApp.