The researcher who goes by a name Awakened reported that the vulnerability could have allowed hackers to compromise Android devices remotely, allowing them to steal files and chat messages. Named CVE-2019-11932, the vulnerability is a double-free memory corruption bug that exists in the open-source GIF image library that WhatsApp uses to generate previews for videos, images, and GIFs. For those unfamiliar with the term, a double-free vulnerability refers to a memory corruption anomaly that could crash an app, or in a worse case, open up an exploit vector that attackers can abuse to obtain access to your device. All it takes to perform the attack is to craft a malicious GIF and wait for the user to open the WhatsApp gallery. Awakened stated that the flaw allows the attackers to execute arbitrary code on targeted devices. To exploit this flaw, an attacker needs to send a specially created malicious GIF that is specifically targeted to Android users. The malware triggers when the user opens the image in WhatsApp. “WhatsApp users, please do update to latest WhatsApp version to stay safe from this bug,” Awakened warned in a blog post about the flaw. “Facebook acknowledged and patched it officially in WhatsApp version 2.19.244. WhatsApp users, please do update to the latest WhatsApp version (2.19.244 or above) to get rid of this bug,” the researcher added. Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight. Therefore, to protect yourself against any exploit surrounding this security vulnerability, you are recommended to update your WhatsApp to the latest version from the Google Play Store as soon as possible. WhatsApp for iOS is not affected by this vulnerability. But apart from this, since the flaw resides in an open-source library, it is also possible that any other Android app using the same affected library could also be vulnerable to similar attacks. However, this is not the first time that the Facebook-owned app is dealing with such vulnerabilities in its software. Recently, Symantec’s Modern OS Security team discovered a flaw affecting WhatsApp accounts for Android devices. The flaw allows malicious attackers to manipulate and expose media files in WhatsApp. The security flaw, dubbed Media File Jacking was reported by Symantec to affect WhatsApp for Android by default if certain features were enabled. If exploited, the flaw allows the attackers to misuse and manipulate sensitive information like personal photos and videos, corporate documents, invoices, and voice memos.
