A researcher has released details of a WhatsApp remote code execution (RCE) flaw that, it is claimed, could be used to compromise not only the app but any mobile device the app is running on.
Reported to Facebook some weeks ago by a researcher called ‘Awakened’, the critical issue (CVE-2019-11932) affects users of the Android versions of the app, specifically versions 8.1 and 9.0, although not, apparently, version 8.0 (Apple’s iOS doesn’t appear to be affected).
It’s described as a double-free memory vulnerability in a WhatsApp image preview library called libpl_droidsonroids_gif.so, and some aspects of how it might execute remain unclear.
The researcher says an attack would involve first sending a malicious GIF image using any channel, that is, by email, through a rival messaging app, or directly through WhatsApp itself.
“If WhatsApp is being used, and the attacker (or hapless intermediary) is on the contacts list of the user as a friend, apparently this GIF would download to the device automatically,” the researcher said.
The flaw is a reminder to WhatsApp’s 1.5 billion users, who choose the software for its privacy and security, that the feature list doesn’t include invulnerability.