Thu 03 October 2019:
A security bug has been found in Facebook-owned instant messenger WhatsApp that could let attackers to obtain access to a device and steal data by sending a malicious GIF file.
A double-free vulnerability is a memory corruption anomaly that could crash an application or open up an exploit vector that attackers can abuse to gain access to users’ device.
According to Awakened’s post on GitHub, the flaw resided in WhatsApp’s Gallery view implementation that is used to generate previews for photographs, videos and GIFs.
The bug also works for Android 8.1 and Android 9.0 OS but does not work for Android 8.0 and below.
In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register, according to a report in Gizmodo.
Think your friends would be interested? Share this story!