Another security hole in WhatsApp. By using WhatsApp GIFs, strangers can read chats.

Scammers use a nasty WhatsApp hack to steal your data. The most important point up front:

A vulnerability in the messenger allows attackers to access memory areas on the smartphone when a WhatsApp GIF is opened. Code is planted that makes information and chat histories visible.

Access after opening WhatsApp GIFs

Potential attackers have the opportunity to access messages and files and thus read them. To make this possible, it is enough to open a WhatsApp GIF.

In order to open a GIF, WhatsApp has to load the images it contains onto the smartphone. To do this, memory is reserved and later released again; the release is done with the function “free()”. In the case of the current error, a so-called "double-free bug", this release is requested twice, so WhatsApp is "confused" because releasing the same memory several times is not defined in the program. This means that security mechanisms no longer take effect when they are needed.
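The double-free pattern described above, next to its usual fix, as an added C example that is not WhatsApp's code and not part of the original article. The names `frame_buf`, `frame_alloc`, `frame_release` and the decoder flow are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical frame buffer of a GIF-like decoder (constructed for illustration). */
typedef struct {
    unsigned char *pixels;
    size_t size;
} frame_buf;

static int release_calls = 0;   /* how many times free() was really invoked */

/* Allocate pixel storage for one frame; returns 0 on success, -1 on failure. */
int frame_alloc(frame_buf *f, size_t size) {
    f->pixels = malloc(size);
    f->size = f->pixels ? size : 0;
    return f->pixels ? 0 : -1;
}

/* UNSAFE pattern (shown, never called here): the pointer stays dangling,
 * so a second call hands the same address to free() again: a double free,
 * which is undefined behaviour and can corrupt the allocator's bookkeeping. */
void frame_release_unsafe(frame_buf *f) {
    free(f->pixels);
}

/* Hardened: release once, then clear the pointer so repeated calls are harmless.
 * Returns 1 if memory was actually released, 0 if it already had been. */
int frame_release(frame_buf *f) {
    if (f->pixels == NULL)
        return 0;
    free(f->pixels);
    release_calls++;
    f->pixels = NULL;
    f->size = 0;
    return 1;
}

/* Simulates a decoder in which two code paths both release the same frame.
 * Returns the number of real free() calls, or -1 if allocation failed. */
int decode_and_cleanup(size_t size) {
    frame_buf f;
    release_calls = 0;
    if (frame_alloc(&f, size) != 0)
        return -1;
    frame_release(&f);          /* e.g. an error path */
    frame_release(&f);          /* e.g. the normal cleanup, reached as well */
    return release_calls;
}

int main(void) {
    printf("real free() calls: %d\n", decode_and_cleanup(64));
    return 0;
}
```

Building test versions with AddressSanitizer (`-fsanitize=address`) makes a double free like the one in `frame_release_unsafe` abort with a report instead of silently corrupting memory.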


The malicious file can reach the smartphone via an app that has already been manipulated. However, it could also be sent as a WhatsApp GIF in a message. Once you have opened the file, it writes its own code into the program, which means that all information and chat histories are made visible.

Security gap closed

The security researcher with the pseudonym “Awakened” alerted Facebook to this bug. Shortly afterwards the security gap was closed.

Smartphones running WhatsApp for Android up to and including version 2.19.243 are affected by this vulnerability. After this version the program error was eliminated.
This error allows memory areas to be replaced with external content under certain circumstances. A malicious file could reach the smartphone via an app that has already been manipulated, but it could also be sent as a GIF in a message.


It is therefore all the more important to always keep the messenger up to date in order to avoid such access.

From version 2.19.244, WhatsApp is protected against “double-free” attacks.

Source: futurezone.de / Merkur.de
Article image: Mimikama

