There was a potential security flaw in the WhatsApp image filter function that could allow hackers to retrieve sensitive data. Major security vulnerabilities were discovered by security research firm Check Point Research (CPR). The research firm noted that errors in WhatsApp’s image filter function for Android can be triggered when a user opens a maliciously created image file.
WhatsApp Read-Writing Weakness: What it is, how it can lead to sensitive data leaks
Checkpoint research in November last year found reading-writing vulnerabilities outside of WhatsApp. The weakness mentioned as a memory corruption problem is that the image filter function of the cross-messaging app crashes when it was used with some specially designed GIF files.
There will be “necessary complex steps and extensive user interaction” to exploit vulnerabilities, the cybersecurity firm’s researchers noted. The Facebook-owned company, however, declined to find any evidence that the vulnerability had ever been abused.
According to CPR, the security error started “when a user opens an attachment that contains a maliciously created image file, then an attempt is made to apply a filter and then the image is returned to the attacker with the filter.”
Although the issue was revealed last year, WhatsApp took time to resolve the issue and in February pressed an update via version 22.214.171.124 via which added two new checks to the source image and filter images to limit memory access.
“Once we discovered a security vulnerability, we quickly reported our results to WhatsApp, which was collaborating and collaborating to issue a fix. The result of our combined efforts is a secure WhatsApp for users worldwide, ”said Oded Vanunu, Head of Product Weakness Research at Checkpoint.
WhatsApp has no doubt acknowledged the issue, published a security solution, and listed its security advisory site vulnerabilities as CVE-2020-1910.
“People have no doubt that end-to-end encryption is working as it should and people’s messages are safe and secure. This report covers many of the steps that a user needs to take and we have no reason to believe that users will be affected by this bug. That said, even the most complex scenarios identified by researchers can help increase user safety, ”WhatsApp said in response to Checkpoint Research.
The cross-messaging platform advises users to keep apps and OSK up to date and when downloading and downloading updates, and reports any malicious activity to them while using WhatsApp.
The post Weakness of reading and writing outside of WhatsApp: How it can lead to sensitive data leaks appeared first on BGR India.