WhatsApp earlier this year patched a vulnerability that researchers say could have allowed an attacker to read sensitive information from the popular messaging app’s memory.
Check Point Research (CPR) recently discovered what it termed an “Out-Of-Bounds” read-write vulnerability in the popular messaging application. The flaw would have required complex steps and extensive user interaction in order to exploit. WhatsApp told CheckPoint that they saw no evidence of abuse related to the bug.
The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.
Check Point Research disclosed the findings to the WhatsApp team on November 10, 2020. WhatsApp verified and acknowledged the security issue and developed a fix.
A blog post that outlines the details can be found here.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
