A vulnerability within the photo filters in WhatsApp may have allowed hackers access to your data. The flaw allowed a threat actor to send malicious images to a recipient, which when opened could have allowed the actor to gain access to information stored in the app's memory.
"A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially-crafted image and sent the resulting image," noted WhatsApp in its disclosure.
The flaw, first highlighted by security research firm Check Point Research, disclosed the vulnerability of the Facebook-owned chat platform on November 10, 2020.
They were able to crash crucial functions within WhatsApp using malicious GIF files. WhatsApp then verified and worked on the fix.
"An image filter is a process through which pixels of the original image are modified to achieve some visual effects (e.g. blur, sharpen, etc.)," noted Check Point Research in its blog.
"This makes filters a very promising candidate to cause a crash, as a lot of computations occur on the image file during the filter application, which involves reading the image contents, manipulating the pixel values, and writing data to a new destination image. We found that switching between various filters on crafted GIF files indeed caused WhatsApp to crash."
“We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages, and we appreciate the work that Check Point does to investigate every corner of our app. People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure," said WhatsApp in a statement.
The company also said that it would have needed several steps from a potential hacker to access information using this method and they did not believe any user was impacted by this flaw.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
