WhatsApp has patched a vulnerability that could enable hackers to gain access to your files and chats.
The flaw reportedly affected smartphones running on Android 8 and above.
It has now been patched out
WhatsApp has been grappling with its fair share of bugs and issues and a new flaw has now come to light. Before we share any details, we urge you update the app on your Android devices, since the vulnerability we are going to talk about could enable hackers gain access to your files and messages on the app. As per a security researcher with the pseudonym Awakened, a double-free vulnerability in the popular messaging app could crash a device or even enable hackers gain access to your smartphone. First reported by TNW, the bug affects devices running on Android 8 and above, which means iOS users don’t need to worry about this particular bug.
Before you panic, do note that Facebook was notified of the flaw and the company patched the issue with WhatsApp version 2.19.244. The researcher notes, in a Github blog post, that using just a malicious GIF file, one could trigger a Remote Control Execution (RCE) exploit. This could potentially enable an attacker to proceed in two ways; they could perform local privilege escalation and install a malicious app that can be used to steal files in WhatsApp sandbox, including message database.
Remote code execution was also possible by exploiting the flaw, which would make use of WhatsApp‘s Gallery view. In an update, WhatsApp told TNW that there’s no reason to believe the flaw affected any users. “The key point that the [vulnerability disclosure] makes is that this issue affects the user on the sender side, meaning the issue could in theory occur when the user takes action to send a GIF. The issue would impact their own device.” as per a statement provided by WhatsApp’s spokesperson to TNW. “It was reported and quickly addressed last month. We have no reason to believe this affected any users though of course we are always working to provide the latest security features to our users.”