WhatsApp patches security hole that could expose sensitive user data

Keep your app up to date to stay safe.
Photo: Killian Bell/Cult of Mac

WhatsApp recently patched a serious security vulnerability that could expose sensitive user data. Security researchers discovered the hole, which could be exploited by opening an attachment that contained a malicious image file.

More recent versions of WhatsApp now check the integrity of images that have been edited with filters to keep users safe.

With more than 2 billion active users, WhatsApp is one of the biggest messaging platforms on the planet. It also promises to be one of the safest, with end-to-end encryption that’s designed to keep your messages private.

Sometimes, however, that encryption is compromised by flaws in the software. Check Point Research (CPR) discovered an instance of this in a serious security vulnerability that could have been used to access data.

WhatsApp flaw left data exposed

The “Out-of-Bounds read-write” flaw, related to WhatsApp’s image filter functionality, could have allowed an attacker to read sensitive user information from the app’s memory, CPR explained in a Thursday report.

It “was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.”

CPR disclosed its findings to WhatsApp last November, and subsequent updates to the app patched the hole while adding two new image checks designed to identify filtered images and compare them with the source.

WhatsApp insists it saw no evidence of any breaches, and CPR reports a hack “would have required complex steps and extensive user interaction in order to exploit.”

To keep your messages safe, ensure you are running WhatsApp version 2.21.1.13 or later.
