WhatsApp flaw: Android phones can be hacked with GIFs
A new security glitch has been detected in WhatsApp that can allow hackers to hijack a phone just by sending GIFs containing malicious code.
A security researcher who goes by the moniker Awakened has written an explainer on a double-free vulnerability in WhatsApp on his personal GitHub blog.
For the uninitiated, the double-free vulnerability is a memory corruption anomaly in WhatsApp’s Gallery view implementation. WhatsApp usually creates a preview of images before the actual photo is presented to the user when he/she enters the gallery section; but, due to the lack of a proper security layer, those photos can be illegally retrieved by a hacker.
For instance, if a user receives a GIF laced with malicious code on the Facebook-owned messenger app, it will initially remain inactive. But when the user returns to the WhatsApp Photo Gallery, the bad GIF springs to life and creates a path for hackers to retrieve photos via remote code execution (RCE).
The vulnerability has been found to affect Android phones running the 8.1 Oreo and 9.0 Pie OS versions. If Google’s Android dashboard is to be believed, both OS versions account for a little over 25 percent of the total active Android phones. That means millions of mobile users are vulnerable to getting hacked.
Taking note of the severity of the issue, the Facebook-owned company has acknowledged it and released a security patch for WhatsApp. Android phone users are advised to install the latest update (v2.19.244).