According to a report by Check Point Research (CPR), malicious users could exploit the vulnerability by applying specific image filters to a specially crafted image.
As per recent estimates, WhatsApp clocks about 2 billion active users every month and reportedly ferries over 55 billion messages daily, along with 4.5 billion photos, and one billion videos shared per day.
“With over two billion active users, WhatsApp can be an attractive target for attackers. Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix,” said Oded Vanunu, Head of Products Vulnerabilities Research at CPR.
CPR explains that image filtering is the process through which pixels of the original image are modified to achieve certain visual effects, such as blur or sharpen.
During their research study, CPR learned that switching between various filters on crafted GIF files caused WhatsApp to crash. Upon further investigation, CPR identified one of the crashes as the result of memory corruption.
CPR reported the problem to WhatsApp, who classified it as an out-of-bounds read and write issue, and tracked it as CVE-2020-1910, before deploying a fix in February 2021.
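The bug class named above, as an added illustration that is not WhatsApp's code and does not reproduce the actual flaw: a pixel filter has to confirm that an image's declared dimensions and pixel layout fit the buffer it was handed before it indexes into it. The `struct image` type and the function names are hypothetical, and a 3x3 box blur stands in for "a filter".

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical image descriptor for this example (not WhatsApp's types). */
struct image {
    uint8_t *data;          /* pixel bytes */
    size_t   len;           /* bytes actually allocated for data */
    uint32_t width, height; /* dimensions claimed by the file */
    uint32_t bpp;           /* bytes per pixel as stored */
};

/* Return 1 only if the layout matches what the filter expects and
 * width * height * bpp neither overflows nor exceeds the buffer. */
static int image_fits(const struct image *im, uint32_t want_bpp)
{
    if (!im || !im->data || im->width == 0 || im->height == 0) return 0;
    if (want_bpp == 0 || im->bpp != want_bpp) return 0;
    if (im->width > SIZE_MAX / im->bpp) return 0;
    size_t row = (size_t)im->width * im->bpp;
    if (im->height > SIZE_MAX / row) return 0;
    return row * im->height <= im->len;
}

/* 3x3 box blur on RGBA, src -> dst. Returns 0 on success, -1 if rejected. */
int box_blur_rgba(const struct image *src, struct image *dst)
{
    if (!image_fits(src, 4) || !image_fits(dst, 4)) return -1;
    if (src->width != dst->width || src->height != dst->height) return -1;
    for (uint32_t y = 0; y < src->height; y++)
        for (uint32_t x = 0; x < src->width; x++)
            for (uint32_t c = 0; c < 4; c++) {
                uint32_t sum = 0, n = 0;
                for (int dy = -1; dy <= 1; dy++)
                    for (int dx = -1; dx <= 1; dx++) {
                        int64_t yy = (int64_t)y + dy, xx = (int64_t)x + dx;
                        /* Skip kernel taps that fall outside the image. */
                        if (yy < 0 || xx < 0 ||
                            yy >= src->height || xx >= src->width)
                            continue;
                        sum += src->data[((size_t)yy * src->width + (size_t)xx) * 4 + c];
                        n++;
                    }
                dst->data[((size_t)y * dst->width + x) * 4 + c] = (uint8_t)(sum / n);
            }
    return 0;
}
```

Without the `image_fits` checks, an image whose header claims more pixels than the buffer holds would make the inner loops read past `src->data` and write past `dst->data`.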
“We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages, and we appreciate the work that Check Point does to investigate every corner of our app,” noted WhatsApp in a statement, adding that it saw no evidence of abuse related to this vulnerability.