GIFs circulated by WhatsApp users can be used to hack their devices
GIF (Graphic Interchange Format) are the the new age mode of portraying feelings and messages over social media platforms.
Instead of writing a mainstream line which is frequently used during a conversation, any social media user will send a GIF depicting similar message. A GIF saves the effort of writing long sentences and is an impressive and expressive way of delivering your message.
What if we tell you that this cool-looking and entertaining GIF can be a way to hack your device. WhatsApp being one of the app which has major usage of GIFs has recently removed a vulnerability from its open-source GIF library. The vulnerability CVE-2019-11932, is a double-free memory corruption bug discovered by researchers. This vulnerability allows the attackers to run arbitrary codes remotely on the target device. This payload shares all the permissions that WhatsApp has such as read SDCard, access WhatsApp messages, etc.
WhatsApp uses a library to generate a preview of GIF files when users open their gallery before sharing media files. The vulnerability gets triggered when the user opens WhatsApp gallery for sharing files. To exploit this vulnerability the attacker sends a malicious GIF to the target and waits for the target to open the file in image gallery of WhatsApp. WhatsApp version 2.19.230 and older are the ones getting affected by this vulnerability. WhatsApp has released the security patch for this vulnerability in version 2.19.244.
NPAV suggests the users to always keep their application updated. Regular updates generally contain security patches and new features which are necessary to remain properly secure. Always use official and trusted app stores to update and download applications.
Use NPAV for best in class cyber security solutions.