September 21, 2023

WhatsApp recently faced a major security vulnerability that could lead to sensitive data leakage. The exploit has now been fixed by the company, it shows that even end-to-end encryption can be bypassed by hackers.

The vulnerability was discovered by CPR. The exploit required “complex steps and extensive user interaction” to be achieved. If performed correctly, the hacker could read sensitive information from WhatsApp’s memory.

To gain access to the vulnerability, the hacker needed to send an attachment that contained a specific malicious image. The user’s data was exposed after applying a filter to this image and sending it back to the attacker which resulted in a memory crash.

The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker. The switching between various filters on crafted GIF files indeed caused WhatsApp to crash.

The malicious hackers didn’t had time to use this exploit to obtain data from Whatsapp users. The bug was fixed and version 2.21.1.13 of the WhatsApp app now features two ways to check the integrity of an edited image with filters to avoid the exploit.

Tags:

Leave a Reply

You may have missed

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023

GitLab Addresses Critical Vulnerability -CVE-2023-4998

September 20, 2023

Crowdstrike New Offerings and Bionic.ai Acquisition

September 20, 2023

Microsoft AI exposed terabytes of data accidentally

September 19, 2023
%d bloggers like this: