A security vulnerability in popular messaging app WhatsApp (opens in new tab)’s image filter function, enabled cybersecurity (opens in new tab) researchers to read sensitive information from the memory of the app.
According to a report by Check Point Research (CPR), malicious users could exploit the vulnerability by applying specific image filters to a specially crafted image.
As per recent estimates (opens in new tab), WhatsApp clocks about 2 billion active users every month and reportedly (opens in new tab) ferries over 55 billion messages daily, along with 4.5 billion photos, and one billion videos shared per day.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- We’ve compiled a list of the best Android antivirus apps (opens in new tab)
- Shield yourself with these best identity theft protection services (opens in new tab)
- These are the best firewall apps and services (opens in new tab)
“With over two billion active users, WhatsApp can be an attractive target for attackers. Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix,” said Oded Vanunu, Head of Products Vulnerabilities Research at CPR.
CPR explains that image filtering is the process through which pixels of the original image are modified to achieve certain visual effects, such as blur or sharpen.
During their research study, CPR learned that switching between various filters on crafted GIF files caused WhatsApp to crash. Upon further investigation it was discovered that one of the crashes was CPR identified one of the crashes as the result of memory corruption.
CPR reported the problem to WhatsApp, who classified it as an out-of-bounds read and write issue, and tracked it as CVE-2020-1910, before deploying a fix in February 2021
“We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages, and we appreciate the work that Check Point does to investigate every corner of our app,” noted WhatsApp in a statement (opens in new tab), adding that it saw no evidence of abuse related to this vulnerability.
- Here’s our list of the best VPN services (opens in new tab)