WhatsApp recently faced a major security vulnerability that could lead to sensitive data leakage. The exploit has now been fixed by the company, it shows that even end-to-end encryption can be bypassed by hackers.
The vulnerability was discovered by CPR. The exploit required “complex steps and extensive user interaction” to be achieved. If performed correctly, the hacker could read sensitive information from WhatsApp’s memory.
To gain access to the vulnerability, the hacker needed to send an attachment that contained a specific malicious image. The user’s data was exposed after applying a filter to this image and sending it back to the attacker which resulted in a memory crash.
The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker. The switching between various filters on crafted GIF files indeed caused WhatsApp to crash.
The malicious hackers didn’t had time to use this exploit to obtain data from Whatsapp users. The bug was fixed and version 188.8.131.52 of the WhatsApp app now features two ways to check the integrity of an edited image with filters to avoid the exploit.