WhatsApp fixes flaw that allows hackers to read information using image filters

  • Save

Verify Stage Analysis (CPR) on Thursday talked about it had flagged a safety vulnerability in WhatsApp’s picture filter operate that may have been exploited by attackers to be taught delicate info, and the equal has now been mounted by the messaging platform.

“CPR uncovered a safety vulnerability in WhatsApp…An attacker might have exploited the vulnerability to be taught delicate info from WhatsApp reminiscence,” CPR talked about in an announcement.

It added that the vulnerability was rooted in WhatsApp’s picture filter operate and through its analysis evaluation, CPR discovered that switching between fairly a number of filters on crafted GIF knowledge induced WhatsApp to crash.

“CPR acknowledged thought-about certainly one of many crashes as reminiscence corruption. CPR promptly reported the issue to WhatsApp, who named for the vulnerability CVE-2020-1910, detailing it as an out-of-bounds be taught and write concern,” it well-known.

Worthwhile exploitation of the vulnerability would have required an attacker to utilize particular picture filters to a very crafted picture and ship the next picture, it added.

“With over two billion energetic prospects, WhatsApp may be a fairly goal for attackers. As shortly as we found the safety vulnerability, we shortly reported our findings to WhatsApp, which was cooperative and collaborative in issuing a restore. The outcomes of our collective efforts is a safer WhatsApp for purchasers worldwide,” Verify Stage Head of Merchandise Vulnerabilities Analysis Oded Vanunu talked about.

When contacted, a WhatsApp spokesperson talked in regards to the firm normally works with safety researchers “to spice up the pretty a few methods WhatsApp protects folks’s messages, and we respect the work that Verify Stage does to research each nook of our app”.

“Individuals should not have any doubt that end-to-end encryption continues to work as meant and folks’s messages preserve protected and safe,” the spokesperson added.

Source link

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Copy link
Powered by Social Snap