informa
/
Application Security
Quick Hits

Researchers Reveal Details on Now-Patched WhatsApp Vulnerability

The "Out-of-Bounds" vulnerability would have allowed hackers to access sensitive information in WhatsApp memory.

WhatsApp earlier this year patched a vulnerability that researchers say could have allowed an attacker to read sensitive information from the popular messaging app's memory.

Check Point Research (CPR) recently discovered what it termed an "Out-Of-Bounds" read-write vulnerability in the popular messaging application. The flaw would have required complex steps and extensive user interaction in order to exploit. WhatsApp told CheckPoint that they saw no evidence of abuse related to the bug.

The vulnerability related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.

Check Point Research disclosed the findings to the WhatsApp team on November 10, 2020. WhatsApp verified and acknowledged the security issue and developed a fix. 

A blog post that outlines the details can be found here.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5