New WhatsApp Flaw Compromises Image Gallery
Muhammad Mubeen Javed
A researcher going by the name ‘Awakened’ discovered a vulnerability in WhatsApp that stems from a double-free bug in the app.
For those who don’t know, a double-free bug is a memory corruption issue that can crash apps. It also gives hackers an exploit vector for stealing data. All a hacker needs to do is modify a GIF to make it malicious, send it to the victim and wait for the victim to open the WhatsApp gallery.
He published the technical write-up on GitHub, where he explains that the issue sits in the view implementation of the WhatsApp gallery.
The exploit does not affect all versions of Android and WhatsApp.
The researcher had this to say in his blog post:
The exploit does not work for Android 8.0 and below. In the older Android versions, double-free could still be triggered. The app just crashes before reaching the point that we could control the PC register.
Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to get rid of this bug.
Earlier this year, a WhatsApp vulnerability that allowed hackers to slip spyware onto the user’s device was reported. Before that, in October 2018, Google’s Project Zero bug-hunting team reported a WhatsApp vulnerability that allowed hackers to seize an account by placing a video call.