The bug was discovered by information security enthusiast ‘Awakened’
Popular messaging app WhatsApp was recently affected by a double-free bug that allowed hackers to gain access to user data through GIFs. Since the news broke, WhatsApp has patched the bug in the latest version of the app.
This bug was discovered by information security enthusiast ‘Awakened’, who then posted all the details on GitHub. As per the post, hackers could get inside someone’s phone by sending a malicious GIF file to the user. For the bug to work, the GIF file had to be sent as a document and not as a media file. As soon as the tainted GIF is received, the bug is triggered through WhatsApp’s Gallery folder.
The researcher also discovered that simply opening the WhatsApp Gallery to send images or videos is enough to trigger the bug. Thus, even if the user does not send any file, the bug will still be activated and will give the hackers remote access.
This is because WhatsApp’s Gallery folder shows a preview of the images, videos and GIFs received on the app. Since the media file, including the malicious GIF, has already been downloaded and is previewed there, the bug is triggered.
Facebook was informed about this bug and responded to the discovery in a statement released to The Next Web: “The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could, in theory, occur when the user takes action to send a GIF. The issue would impact their own device,” a WhatsApp spokesperson told TNW.
“It was reported and quickly addressed last month. We have no reason to believe this affected any users though of course, we are always working to provide the latest security features to our users.”