WhatsApp Fixes Data Exposure Vulnerability in Image Filter Function

WhatsApp discovered a vulnerability in its image filter function. It could allow an attacker to read sensitive information from the app’s memory. According to Check Point Research, a security vulnerability in the messaging platform, now fixed, could have led to data exposure. It impacted WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business for Android prior to version 2.21.1.13. However, the Facebook-owned company fixed the security issue after the report.

Also Read: Nokia G50 5G Receives TENAA Certification; Key Specs Leaked

The popular messaging platform had an “Out-Of-Bounds read-write vulnerability”. It is related to the platform’s image filter functionality, according to Check Point Research. Moreover, the researchers noted that exploitation of the vulnerability would have “required complex steps and extensive user interaction”. Although WhatsApp claims there is no evidence that the vulnerability ever abused.

WhatsApp patches vulnerability related to image filter functionality

However, if exploited, the vulnerability claims to allow hackers to read sensitive information from WhatsApp memory. This includes private messages and previously shared images and videos. In order to successfully exploit the vulnerability, the attacker would have had to apply specific image filters. They had to apply it to a specially crafted image and send the resulting image. Additionally, the study also learns that switching between various filters on crafted GIF files indeed caused WhatsApp to crash. 

Also Read: Samsung Galaxy Tab S7 FE Wi-Fi Variant Launched in India: Price, Specs

WhatsApp took some time in fixing the bug and issued a patch in February. It was provided to end-users through version 2.21.1.13 of both for Android and Business for Android apps.

“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp. They were cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide”.

Oded Vanunu, Head of Products Vulnerabilities Research at Check Point, in a prepared statement

The findings were disclosed to the Facebook-owned messaging platform on November 10, 2020. WhatsApp verified and acknowledged the security issue. It had then deployed a fix in version 2.21.2.13, outlining CVE-2020-1910 in its February Security Advisory update. The platform also added two new checks on source and filter images to restrict memory access.

Also Read: Realme Pad Teased By Madhav Sheth; Claims To Be ‘Real-ly Light and Slim’

WhatsApp also recommends its users keep their apps and operating systems up to date. They recommend downloading updates whenever they’re available. Moreover, report suspicious messages and reach out directly to its team if they experience issues using WhatsApp.