A security vulnerability was discovered in WhatsApp Messenger. As per reports, a security flaw in WhatsApp, if exploited, could allow hackers to hijack chat sessions with the help of malicious GIFs. This major security vulnerability in WhatsApp Messenger compromises the security of your files and personal messages. Security researchers have disclosed a vulnerability in WhatsApp that, if exploited, can compromise your personal messages, chat sessions and files through malicious GIFs. The security flaw dubbed CVE-2019-11932 is a double-free exploit. What is a double-free exploit, you may ask? Well, double-free means freeing a resource more than one can lead to memory leaks, hence compromising your WhatsApp security and privacy. Resultant errors can further lead to memory leaks, crashes and in some cases, the 'execution of arbitrary code.'
According to researchers, there are two ways this vulnerability can be exploited and the bug can be triggered. In the first attack, it requires a malicious application to already be installed on a target Android device. It can then generate a malicious GIF file. The purpose of this GIF file is to steal files from WhatsApp through the collection of library data. In the second attack, a user needs to be exposed to the GIF payload in WhatsApp as an attachment or through other channels. According to researchers, upon opening the Gallery View in WhatsApp, the GIF file will be parsed twice, which would trigger a remote shell in the app, further leading to successful Remote Code Evaluation (RCE). The Remote Code Evaluation Attack is the result of the creation of malicious GIF files.
Surprisingly enough, newer versions of the Android operating system are prone to the RCE attack and not the older ones. So if you are running WhatsApp on Android versions 8.1 or Android 9.0, you are subject to the risks associated with this kind of attack. However, in the event that you are running WhatsApp on Android 8.0 or below, you are safe. However, a crash could occur before even executing any malicious code to tamper with chat sessions. Facebook was notified about the vulnerability, which has since been patched in WhatsApp version 2.19.244. To ensure your own safety and privacy, you are recommended to keep your WhatsApp up to date.