WhatsApp is touted as one of the most secure apps for communication, but that claim is often called into question by the discovery of critical flaws in the app. The end-to-end encryption in chats is no good if an internal bug can breach the secure walls of WhatsApp and let hackers take what they can.
WhatsApp, which is used by 1.5 billion users around the world, is said to be affected by a serious security flaw that could potentially allow hackers to steal data and chats using malicious GIFs. The discovery was made by a researcher identified as Awakened, who posted a detailed technical write-up on GitHub.
According to the researcher, the security flaw stems from a double-free bug in WhatsApp, a memory-corruption error in which the same memory is freed twice, which means the vulnerability can crash the app or allow hackers to gain access to the target device. Hackers can exploit the double-free bug with just a malicious GIF and then wait for the user to open the WhatsApp gallery, where previews of images, videos and GIFs are usually generated.
If you're using WhatsApp on iPhone, the critical flaw doesn't affect you. But Awakened noted that Android versions 8.1 and 9.0 are at risk while older versions, such as Android 8.0 and below, are not. The reason why the older Android versions are not exploitable is that the app crashes before any malicious code is run.
In response to the security warning, WhatsApp said that there were no reports of the vulnerability being exploited and that the company had fixed the flaw last month. But a WhatsApp spokesperson noted that "this issue affects the user on the sender side, meaning the issue could, in theory, occur when the user takes action to send a GIF. The issue would impact their own device." Awakened disputed the claim made by the company spokesperson.
In order to stay protected from the security flaw, WhatsApp users must update their apps immediately. Users must make sure the app running on their phones is version 2.19.244 or above. If you're unaware of how to update your app, go to the Play Store, look for WhatsApp and tap Update. If there's no option to update, you're running the latest version.
This could be a major threat averted for WhatsApp, but the company has time and again found itself dealing with such sensitive issues. Recently, Check Point researchers discovered a critical flaw in WhatsApp that could allow hackers to manipulate messages as well as the sender's identity.