Comments: New WhatsApp Malicious GIF Image Flaw

A newly disclosed bug reportedly allows an attacker to use a malicious GIF image file to exploit a vulnerability in WhatsApp and potentially access user content. The bug was identified and shared on GitHub by “technologist and information security enthusiast” Awakened, with a detailed explanation of how it works. Essentially, the bug relies on an attacker pushing the malicious GIF file to the victim’s device through any channel. That could be WhatsApp, email or any other messaging platform. With the GIF on the device, when the victim opens the gallery within WhatsApp to send any image—not necessarily the malicious one—the hack triggers and the device and its contents become potentially vulnerable.

Tom Davison, EMEA Technical Director, Lookout
October 07, 2019
It is critical that users update both device operating systems and mobile apps.
Vulnerabilities in mobile operating systems and mobile apps provide the opportunity for attackers to gain persistence on the device, install further malware and leak data. This is the second vulnerability affecting WhatsApp this year and Lookout frequently sees these types of flaws being exploited by attackers, one example being the Pegasus spyware developed by NSO Group. It is critical that use ....
Jonathan Knudsen, Senior Security Strategist, Synopsys
October 04, 2019
The memory allocator showed peculiar, exploitable behavior when asked to allocate 0 bytes of memory.
The WhatsApp vulnerability recently disclosed by Awakened has several classic characteristics. First, this vulnerability shows how software depends on a complex interaction of components. The vulnerability stems from an image handling component, which depends on unusual behaviour in a memory allocator. Although this story is about WhatsApp, other software is likely to be vulnerable to the same me ....
