A new GIF vulnerability could leave your WhatsApp messages exposed

WhatsApp has patched a new vulnerability that could potentially lead to WhatsApp messages getting exposed. The vulnerability was related to GIF being sent to the victim by the hacker.

According to Pham Hong Nhat who discovered the vulnerability, just receiving a GIF from someone could trigger the bug as WhatsApp automatically tries to open GIF once they are received. Once the GIF was opened, the hacker could easily gain access to the phone’s storage and even access WhatsApp chats. Pham claims that he reported the vulnerability to Facebook back in late July and the company rolled out the fix in September. Pham noted that the vulnerability works on WhatsApp v2.19.230 and below. The vulnerability was officially patched by Facebook in v2.19.244. The exploit affects Android 8.1 and above. Ironically, older versions of Android had an outdated code which prevented the payload from execution.

Facebook has assigned CVE-2019-11932 to the vulnerability and it is marked as fixed. However, if you haven’t updated WhatsApp in a while then it might be a good idea to do so.

Comments