WhatsApp Out-Of-Bounds read-write vulnerability: How it could have led to sensitive data leakage

WhatsApp's image filter function had a potential security flaw that could allow hackers to get hold of sensitive data. The major security vulnerability was discovered by security research firm Check Point Research (CPR). The research firm pointed out that the flaw, rooted in the image filter function of WhatsApp for Android, could be triggered when a user opened a maliciously crafted image file.

WhatsApp Out-Of-Bounds read-write vulnerability: What is it, how it could have led to sensitive data leakage

The WhatsApp Out-Of-Bounds read-write vulnerability was unearthed by Check Point Research in November last year. The vulnerability, described as a memory corruption issue, caused the image filter function of the cross-platform messaging app to crash when it was used with some specially crafted GIF files.

Exploiting the vulnerability would have “required complex steps and extensive user interaction,” the researchers at the cybersecurity firm pointed out. The Facebook-owned company, however, said it had found no evidence that the vulnerability was ever abused.

According to CPR, the security flaw was triggered “when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.”

While the issue was disclosed last year, WhatsApp took time to fix the issue and pushed an update via version 2.21.1.13 in February that added two new checks on source images and filter images to restrict memory access.
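The kind of check the fix describes, validating an image's declared geometry against its allocation before a filter touches it, is sketched below. This is an added example, not WhatsApp's or Check Point's code; the `image_t` descriptor, the function names, the 4-bytes-per-pixel layout and the sample buffers are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define BPP 4u /* assumption: the filter reads and writes 4 bytes per pixel */

typedef struct {                    /* hypothetical descriptor, names illustrative */
    uint32_t width, height, stride; /* pixels, pixels, bytes per row (as declared) */
    size_t len;                     /* bytes actually allocated behind data */
    uint8_t *data;
} image_t;

/* The declared geometry must fit inside the allocation. */
static int image_ok(const image_t *im) {
    if (!im || !im->data || !im->width || !im->height) return 0;
    if (im->width > UINT32_MAX / BPP) return 0;       /* width * BPP would wrap */
    if (im->stride < im->width * BPP) return 0;       /* row shorter than the loop assumes */
    if (im->height > SIZE_MAX / im->stride) return 0; /* stride * height would wrap */
    return (size_t)im->stride * im->height <= im->len;
}

/* Inverts the colour channels of src into dst. Returns 0, or -1 if rejected. */
int apply_filter(const image_t *src, image_t *dst) {
    if (!image_ok(src) || !image_ok(dst)) return -1;
    if (src->width != dst->width || src->height != dst->height) return -1;
    size_t row = (size_t)src->width * BPP;
    for (uint32_t y = 0; y < src->height; y++) {
        const uint8_t *s = src->data + (size_t)y * src->stride;
        uint8_t *d = dst->data + (size_t)y * dst->stride;
        for (size_t i = 0; i < row; i++)
            d[i] = (i % BPP == 3) ? s[i] : (uint8_t)(255 - s[i]); /* keep alpha */
    }
    return 0;
}

/* Constructed input: declared 4x4, but only 1 byte per pixel is allocated. */
int demo_undersized_source(void) {
    uint8_t small[16] = {0}, out[64] = {0};
    image_t src = {4, 4, 4, sizeof small, small}, dst = {4, 4, 16, sizeof out, out};
    return apply_filter(&src, &dst); /* unchecked, the loop would read past small[] */
}

/* Constructed input: a well-formed 2x1 image at 4 bytes per pixel. */
int demo_valid_source(uint8_t out[8]) {
    uint8_t px[8] = {10, 20, 30, 255, 0, 255, 128, 7};
    image_t src = {2, 1, 8, sizeof px, px}, dst = {2, 1, 8, 8, out};
    return apply_filter(&src, &dst);
}

int main(void) { uint8_t o[8]; return !(demo_undersized_source() == -1 && demo_valid_source(o) == 0); }
```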

“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point stated.

WhatsApp, for its part, acknowledged the issue, released the security fix, and has listed the details of the vulnerability on its security advisories site as CVE-2020-1910.

“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure. This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users,” WhatsApp said in response to Check Point Research.

The cross-platform messaging service has advised users to keep the app and OS up to date, to download updates as and when they are rolled out, and to report any malicious activity that they experience while using WhatsApp.

The post WhatsApp Out-Of-Bounds read-write vulnerability: How it could have led to sensitive data leakage appeared first on BGR India.