Technology News
  • Home
  • Apps
  • Apps News
  • WhatsApp Patches Vulnerability in Image Filter Function That Could Have Led to Data Exposure

WhatsApp Patches Vulnerability in Image Filter Function That Could Have Led to Data Exposure

WhatsApp brought the patch in February and added two new checks in place to restrict memory access.

By Jagmeet Singh | Updated: 2 September 2021 19:16 IST
WhatsApp Patches Vulnerability in Image Filter Function That Could Have Led to Data Exposure

Photo Credit: Reuters

WhatsApp fixed the vulnerability related to its image filter function in version 2.21.1.13

Highlights
  • WhatsApp was discovered with a vulnerability in its image filter function
  • Check Point Research reported the issue to WhatsApp in November
  • WhatsApp for Android and WhatsApp Business for Android were impacted
Advertisement

WhatsApp has patched a vulnerability that could allow an attacker to read sensitive information from the app's memory, including private messages using a specially crafted image. The vulnerability was reported to WhatsApp by cybersecurity firm Check Point Research, and it existed within the image filter function of WhatsApp for Android and WhatsApp Business for Android that allows users to add filters to their images. The Facebook-owned company fixed the security issue after it was reported by Check Point researchers and claimed that there was no evidence that the vulnerability was ever abused.

Called “Out-Of-Bounds read-write vulnerability”, the issue was disclosed to WhatsApp by Check Point Research on November 10, 2020. WhatsApp took some time in fixing the bug and issued a patch in February. It was provided to end users through the version 2.21.1.13 of both WhatsApp for Android and WhatsApp Business for Android apps.

Researchers at Check Point Research were able to discover the vulnerability that is technically a memory corruption issue while looking at the way WhatsApp processes and sends images on its platform. During the research, it was found that the image filter function of the messaging app crashes when it was used with some specially-designed GIF files. That brought the researchers to the point from where they were able to spot the loophole.

According to Check Point Research, the vulnerability could be triggered after a user opens an attachment containing a maliciously crafted image file, tries to apply a filter, and then sends the image with the filter applied back to the attacker. The researchers, thus, noted that hackers would have required “complex steps and extensive user interaction” to exploit the issue.

However, if it could be successfully exploited, the vulnerability is claimed to allow hackers to read sensitive information from WhatsApp memory that include private messages and previously shared images and videos.

“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,” said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, in a prepared statement.

WhatsApp has listed the details of the vulnerability on its security advisories site as CVE-2020-1910. The platform added two new checks on source and filter images to restrict memory access.

“People should have no doubt that end-to-end encryption continues to work as intended and people's messages remain safe and secure,” WhatsApp said in its statement given to Check Point Research. “This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users.”

WhatsApp also recommended its users to keep their apps and operating systems up to date, download updates whenever they're available, report suspicious messages, and reach out directly to its team if they experience issues using WhatsApp.

Are the Galaxy Z Fold 3 and Z Flip 3 still made for enthusiasts — or are they good enough for everyone? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: WhatsApp vulnerability, WhatsApp, Check Point Research, WhatsApp for Android, WhatsApp Business, WhatsApp Business for Android
Airtel Brings Rs. 499, Rs. 699, and Rs. 2,798 Prepaid Plans With Bundled Disney+ Hotstar Mobile Subscription

Related Stories

WhatsApp Patches Vulnerability in Image Filter Function That Could Have Led to Data Exposure
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. OnePlus 11R Solar Red With 8GB RAM, 128GB Storage Debuts in India: See Price
  2. Ray-Ban Meta Smart Glasses: Versatile and Practical
  3. Itel Super Guru 4G With YouTube, UPI Support Debuts in India: See Price
  4. Samsung Galaxy Z Flip 6 Reportedly Listed on Geekbench With This SoC
  5. OTT Releases This Week: Rebel Moon Part 2, Article 370 and More
  6. Acer Predator Helios 16, Helios Neo 16 Updated With 14th Gen Intel Core CPUs
  7. Samsung Galaxy F15 5G Gets new 8GB RAM Variant in India: Price, Offers
#Latest Stories
  1. Xiaomi 14 Series 'AI Treasure Chest' With Several AI Tools in Testing, Could Debut This Year: Report
  2. Redmi Note 13 5G Series HyperOS Update Based on Android 14 Begins Rolling Out in India
  3. YouTube Reportedly Rolling Out Support for 8K Resolution Videos on the Meta Quest
  4. Lenovo Yoga Slim 7 (2024) Design Spotted in Leaked Renders; Could Debut as First Snapdragon X Elite Laptop
  5. Samsung Galaxy Z Flip 6 With Snapdragon 8 Gen 3 SoC for Galaxy Allegedly Surfaces on Geekbench
  6. Itel S24 India Launch Teased; Confirmed to Come With 108-Megapixel Main Camera, MediaTek Helio G91 SoC
  7. BWA Lays Down Self-Regulatory Guidelines on Token Listings for Indian Crypto Exchanges
  8. Samsung Galaxy F15 5G With 8GB RAM, 128GB Storage Launched in India: Price, Offers
  9. OnePlus 11R 5G Solar Red Variant With 8GB RAM, 128GB Storage Launched in India
  10. Adobe Express Mobile App With Firefly AI Is Now Available Globally
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »