WhatsApp has patched a vulnerability that could allow an attacker to read sensitive information from the app’s memory, including private messages, using a specially crafted image. The vulnerability was reported to WhatsApp by cybersecurity firm Check Point Research, and it existed in the image filter function of WhatsApp for Android and WhatsApp Business for Android that allows users to add filters to their images. The Facebook-owned company fixed the security issue after it was reported by Check Point researchers and claimed that there was no evidence that the vulnerability was ever abused.
Called an “Out-Of-Bounds read-write vulnerability”, the issue was disclosed to WhatsApp by Check Point Research on November 10, 2020. WhatsApp took some time to fix the bug and issued a patch in February. It was provided to end users in version 2.21.1.13 of both the WhatsApp for Android and WhatsApp Business for Android apps.
Researchers at Check Point Research were able to discover the vulnerability, which is technically a memory corruption issue, while looking at the way WhatsApp processes and sends images on its platform. During the research, it was found that the image filter function of the messaging app crashed when it was used with some specially designed GIF files. That brought the researchers to the point from where they were able to spot the loophole.
According to Check Point Research, the vulnerability could be triggered after a user opens an attachment containing a maliciously crafted image file, tries to apply a filter, and then sends the image with the filter applied back to the attacker. The researchers thus noted that hackers would have required “complex steps and extensive user interaction” to exploit the issue.
However, if it could be successfully exploited, the vulnerability is said to allow hackers to read sensitive information from WhatsApp memory, including private messages and previously shared images and videos.
“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,” said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, in a prepared statement.
WhatsApp has listed the details of the vulnerability on its security advisories site as CVE-2020-1910. The platform added two new checks on source and filter images to restrict memory access.
“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure,” WhatsApp said in its statement given to Check Point Research. “This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users.”
WhatsApp also recommended that its users keep their apps and operating systems up to date, download updates whenever they’re available, report suspicious messages, and reach out directly to its team if they experience issues using WhatsApp.