WhatsApp fixes flaw that allows hackers to read information using image filters

New Delhi: Check Point Research (CPR) on Thursday said it had flagged a security vulnerability in WhatsApp’s image filter function that could have been exploited by attackers to read sensitive information, and the same has now been fixed by the messaging platform.

“CPR exposed a security vulnerability in WhatsApp…An attacker could have exploited the vulnerability to read sensitive information from WhatsApp memory,” CPR said in a statement.

It added that the vulnerability was rooted in WhatsApp’s image filter function and during its research study, CPR learned that switching between various filters on crafted GIF files caused WhatsApp to crash.

“CPR identified one of the crashes as memory corruption. CPR promptly reported the problem to WhatsApp, who named for the vulnerability CVE-2020-1910, detailing it as an out-of-bounds read and write issue,” it noted.

Successful exploitation of the vulnerability would have required an attacker to apply specific image filters to a specially crafted image and send the resulting image, it added.

“With over two billion active users, WhatsApp can be an attractive target for attackers. Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, which was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,” Check Point Head of Products Vulnerabilities Research Oded Vanunu said.

When contacted, a WhatsApp spokesperson said the company regularly works with security researchers “to improve the numerous ways WhatsApp protects people’s messages, and we appreciate the work that Check Point does to investigate every corner of our app”.

“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure,” the spokesperson added.

This story has been published from a wire agency feed without modifications to the text. Only the headline has been changed.

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint.
Download
our App Now!!

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.