WhatsApp Out-Of-Bounds read-write vulnerability: How it could have led to sensitive data leakage

The WhatsApp Out-Of-Bounds read-write vulnerability, which was patched in February, may allow a hacker to read sensitive data from the app's memory via a maliciously created image.


106
148 shares, 106 points

The WhatsApp picture filter function had a security weakness that might have allowed hackers to access sensitive information. Check Point Research, a security research organization, uncovered a severe security flaw (CPR). According to the research firm, the bug in WhatsApp for Android’s image filter function might be exploited if a user opened a maliciously created image file.

What is the WhatsApp Out-Of-Bounds read-write vulnerability, and how has it led to sensitive data leakage?

Check Point Research discovered the WhatsApp Out-Of-Bounds read-write vulnerability in November of last year. When the cross-messaging app’s image filter function was used with some specially-designed GIF files, the vulnerability, which was described as a memory corruption issue, led it to crash.

The researchers at the cybersecurity firm pointed out that exploiting the vulnerability would have needed “complex steps and substantial human engagement.” The Facebook-owned corporation, on the other hand, denied that the vulnerability had ever been exploited.

The security weakness was discovered “when a user opened an attachment containing a maliciously created picture file, then attempted to apply a filter, and subsequently transmitted the image with the filter applied back to the attacker,” according to CPR.

While the problem was discovered last year, WhatsApp took its time to remedy it, and in February, it released version 2.21.1.13, which included two new checks on the source and filter pictures to limit memory access.

“As soon as we uncovered the security flaw, we alerted WhatsApp, who was fast to respond and collaborate in developing a fix. “As a consequence of our combined efforts, WhatsApp is now safer for users all over the world,” said Oded Vanunu, Check Point’s Head of Products Vulnerabilities Research.

WhatsApp, no doubt, recognized the problem, issued a security patch, and identified the vulnerability as CVE-2020-1910 on its security advisory webpage.

“There should be no doubt in anyone’s mind that end-to-end encryption is still working as intended and that people’s messages are safe and secure. This report requires numerous actions that a user would have to complete, and we have no reason to assume that people were harmed as a result of this defect. In response to Check Point Research, WhatsApp stated, “Even the most complex scenarios researchers find can assist strengthen security for users.”

The cross-messaging platform has recommended users to maintain their apps and operating systems up to date, download updates as they become available, and report any suspicious activity they encounter while using WhatsApp.

Follow Crispbot on Facebook and Twitter. For the latest news, tech news, breaking news headlines, and live updates checkout crispbot.com


Like it? Share with your friends!

106
148 shares, 106 points

What's Your Reaction?

confused confused
0
confused
fun fun
0
fun
geeky geeky
0
geeky
hate hate
0
hate
lol lol
0
lol
love love
0
love
omg omg
0
omg
win win
0
win
Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format