How it can cause sensitive data leak

0
38


There was a potential security flaw in the WhatsApp image filter function that could allow hackers to get hold of sensitive data. The major security vulnerability was discovered by security research firm Check Point Research (CPR). The research firm reported that an inherent flaw in the image filter function of WhatsApp for Android could be triggered when a user opens a maliciously crafted image file. Also read- WhatsApp banned 30,27,000 accounts in India between June 16 and July 31: Know the reason

WhatsApp Out-of-Bounds Read-Write Vulnerability: What It Is, How It Can Cause Sensitive Data Leakage

WhatsApp The out-of-bounds read-write vulnerability was detected by Check Point Research in November last year. The vulnerability cited as a memory corruption issue caused the cross-messaging app’s image filter function to crash when it was used with some specially designed GIF files. Also read- Janmashtami 2021 WhatsApp Messages: How To Create & Send Happy Janmashtami WhatsApp Stickers, Status Videos

Researchers from the cybersecurity firm explained that exploiting the vulnerability would require “complicated steps and extensive user interaction”. However, the Facebook-owned company denied finding any evidence that the vulnerability was ever misused. Also read- Your WhatsApp Account Could Be Hacked If You Download This Mod App: Know Details

According to the CPR, the security flaw was triggered “when a user opened an attachment that contained a maliciously crafted image file, then attempted to apply a filter, and then sent the image back to the attacker with the filter applied.” “

While the issue was first disclosed last year, WhatsApp took the time to fix the issue and pushed an update through version 2.21.1.13 in February that added source images and filter images to restrict memory access. But added two new checks.

“Once we discovered the security vulnerability, we immediately reported our findings to WhatsApp, which was cooperative and cooperative in releasing a fix. The result of our collective efforts is a secure WhatsApp for users around the world,” Oded Vanunu, head of product vulnerability research at Check Point, said.

WhatsApp, undoubtedly acknowledged the issue, issued a security fix, and listed the description of the vulnerability as CVE-2020-1910 on its Security Advisory site.

“People should have no doubt that end-to-end encryption continues to work as intended and that people’s messages remain safe and secure. This report covers a number of steps a user would need to take. And we have no reason to believe that users may have been affected by this bug. That said, even the most complex scenarios that the researchers identify can help increase security for users. Can,” WhatsApp replied to Check Point Research.

The cross-messaging platform has advised users to keep the app and OS updated and download the update as and when it is rolled out and report any malicious activity that they experience while using WhatsApp.







Leave a Reply