A security researcher has discovered a vulnerability in Facebook’s WhatsApp messaging app that allows attackers to access the device and steal data, files and messages using malicious GIFs.
The vulnerability stems from a double malfunction in WhatsApp, according to a security researcher named Awakened.The double vulnerability indicates a memory malfunction that could cause an application to crash, or open a vulnerability for the hacker to compromise the security of the affected device.
The error depends primarily on an attacker sending a malicious GIF file to the victim’s device through any channel, possibly through WhatsApp, email or any other messaging platform.
All it takes to carry out the attack is to create a malicious GIF, and wait for the user to open WhatsApp Gallery – the user to create previews of photos, videos, and GIFs – to send any image, not necessarily the malware.
It seems that users using certain versions of the Android operating system for mobile phones are most vulnerable to this error.
The security researcher wrote : Exploitation works well until version 2.19.230 of WhatsApp, but the company officially corrected this exploitation within version 2.19.244. Exploitation works well for Android 8.1 and Android 9, but it doesn’t work on Android 8 or older Android.
WhatsApp said it had no reason to believe that any user had been affected by the flaw, and that it had solved the problem through an official correction. The company spokesman said: “This problem has been reported and addressed quickly last month, and we are always working to provide the latest security features to our users”.
WhatsApp’s encrypted platform is not flawless, and several reports this year have revealed vulnerabilities in the app, which can be exploited by attackers or that can make users exposed to harmful consequences.