Latest Tech

WhatsApp vulnerability could compromise Android smartphones, researcher reveals

1.5bn users affected after WhatsApp shuts down Worldwide

A researcher has released details of a WhatsApp remote code execution (RCE) flaw it is claimed could be used to compromise not only the app, but any mobile device the app is running on.

Reported to Facebook some weeks ago by a researcher called ‘Awakened’, the critical issue (CVE-2019-11932) affects users of the Android versions of the app, specifically versions 8.1 and 9.0 although not, apparently, version 8.0 (Apple’s iOS doesn’t appear to be affected).

It’s described as double-free memory vulnerability in a WhatsApp image preview library called, and some aspects of how it might execute remain unclear.

READ ALSO: NASA on the verge of finding life on Mars, reports reveal

The researcher says an attack would involve first sending a malicious GIF image using any channel that is by email, a rival messaging app, or sent direct through WhatsApp itself.

“If WhatsApp is being used, and the attacker (or hapless intermediary) is on the contacts list of the user as a friend, apparently this GIF would download to the device automatically,” the researcher said.

The flaw now raises the consciousness of WhatsApp’s 1.5 billion users who choose the software due to its privacy and security that the feature list doesn’t include invulnerability.

Join the conversation


About the author

Ripples Nigeria

We are an online newspaper, very passionate about Nigerian politics, business and their leaders. We dig deeper, without borders and without fears.

/* ]]> */