WhatsApp security flaw gave attackers access to your phone with a “GIF”

WhatsApp’s estimated 1.6 billion users will need to update their app today after the firm issued a rather important security patch.

That patch addresses a security bug discovered by a security enthusiast who goes by the name “Awakened”. The hacker discovered that by sending a malicious GIF to a target smartphone, an attacker could gain unfettered access to the device.

The funny thing is that the GIF is not a GIF at all but rather malicious code disguised as a one. The danger is that if the GIF is sent by a friend on your contact list the file is automatically downloaded and, once a user taps the attach file icon in WhatsApp, the code executes and your device is compromised.

The good news is that this has fixed this bug with WhatsApp version 2.19.244. To find out if your app is this version or newer head to Setting, then tap Help and then tap App info.

Those with older versions of WhatsApp may want to patch as soon as possible.

“The exploit works well for Android 8.1 and 9.0, but does not work for Android 8.0 and below. In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching,” Awakened explained in a blog post.

WhatsApp meanwhile has told The Independent that it addressed the issue as soon as it was notified of it.

“We have no reason to believe this affected any users, though of course we are always working to provide the latest security features to our users,” a WhatsApp spokesperson said.

For those that don’t have automatic updates enabled you’d best update WhatsApp as quickly as possible.

While the security flaw appears to only have affected Android smartphones, iOS users may want to update – if possible – as well.


About Author


Related News