Now-Patched Vulnerability in WhatsApp Could Have Led to Data Exposure of Users

by maria
gawdo

Check Point Research (CPR) exposed a security vulnerability in WhatsApp’s image filter function. By applying specific image filters to a specially crafted image and sending the resulting image, an attacker could have exploited the vulnerability to read sensitive information from WhatsApp memory.  

  • Vulnerability was rooted in WhatsApp’s image filter function
  • CPR was able to crash WhatsApp by switching between various filters on crafted GIF files
  • CPR promptly disclosed findings to WhatsApp, who went on to issue a fix

Check Point Research (CPR) exposed a security vulnerability in WhatsApp, the world’s most popular messaging application with over 2 billion active users. An attacker could have exploited the vulnerability to read sensitive information from WhatsApp memory.

Image Filter Function

The vulnerability was rooted in WhatsApp’s image filter function. Image filtering is a process through which the pixels of the original image are modified to achieve visual effects such as blur or sharpen. During their research, CPR found that switching between various filters on crafted GIF files caused WhatsApp to crash. CPR identified one of the crashes as a memory corruption. CPR promptly reported the problem to WhatsApp, which assigned the vulnerability CVE-2020-1910 and described it as an out-of-bounds read and write issue. Successful exploitation of the vulnerability would have required an attacker to apply specific image filters to a specially crafted image and send the resulting image.

Estimates count over 55 billion messages being sent daily over WhatsApp, with 4.5 billion photos and one billion videos shared per day.

Coordinated Disclosure

CPR disclosed its findings to WhatsApp on November 10, 2020. WhatsApp verified and acknowledged the security issue. WhatsApp deployed a fix in version 2.21.2.13, outlining CVE-2020-1910 in its February Security Advisory update.

Oded Vanunu, Head of Products Vulnerabilities Research at Check Point:

“With over two billion active users, WhatsApp can be an attractive target for attackers. Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide.”

WhatsApp’s Statement:

“We regularly work with security researchers to improve the numerous ways WhatsApp protects people’s messages, and we appreciate the work that Check Point does to investigate every corner of our app. People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure. This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users. As with any tech product, we recommend that users keep their apps and operating systems up to date, to download updates whenever they’re available, to report suspicious messages, and to reach out to us if they experience issues using WhatsApp.”
