Users should be careful about the pictures they view on WhatsApp. If a user receives a picture from a malicious third party, the picture could be crafted in such a way that the app reads sensitive data from its own memory. In addition, users should update their apps to get the latest security fixes.
According to security research firm Check Point, a vulnerability has been found in WhatsApp. The issue causes the app to crash when a user receives certain images. These images are crafted to take advantage of visual effects such as color changes, saturation adjustments, and other alterations.
The bug (CVE-2020-1910) carries a severity rating of 7.8 out of 10. It’s due to a memory corruption error, the firm said – and more specifically, an out-of-bounds read-and-write issue. Typically, this kind of bug can allow attackers to read sensitive information from other memory locations or cause a crash.
Update your WhatsApp Now
WhatsApp deployed a fix in version 126.96.36.199, so users should make sure their apps are updated. The company says the new version has two new security checks on the source image and the filter image:
- Validates that the image format equals 1 (ANDROID_BITMAP_FORMAT_RGBA_8888). This means that both source and filter images must be in RGBA format.
- Validates image size by checking that (stride*height)/4 equals width*height.
Because “stride” equals the number of bytes per pixel multiplied by width, the second check actually ensures that the image indeed has 4 bytes per pixel.
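The two checks above, written out in C as an added example (this is not WhatsApp's code). `struct bitmap_info` is a stand-in for the NDK's `AndroidBitmapInfo`, and the function names and sample bitmaps are constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FORMAT_RGBA_8888 1u /* value the page gives for ANDROID_BITMAP_FORMAT_RGBA_8888 */
#define FORMAT_RGB_565   4u /* NDK value for a 2-bytes-per-pixel format */

/* Stand-in for the NDK's AndroidBitmapInfo so this builds without the NDK. */
struct bitmap_info {
    uint32_t width, height;
    uint32_t stride; /* bytes per row */
    uint32_t format;
};

/* The two checks described above. 64-bit math keeps the products from wrapping. */
bool bitmap_is_rgba8888(const struct bitmap_info *bi)
{
    if (bi->format != FORMAT_RGBA_8888)
        return false;
    uint64_t bytes = (uint64_t)bi->stride * bi->height;
    uint64_t pixels = (uint64_t)bi->width * bi->height;
    return bytes / 4 == pixels;
}

/* Bytes per row that a loop assuming 4 bytes per pixel would touch past the
 * row's real stride; 0 means the loop stays inside the row. */
uint64_t row_overrun(const struct bitmap_info *bi)
{
    uint64_t assumed = (uint64_t)bi->width * 4;
    return assumed > bi->stride ? assumed - bi->stride : 0;
}

int main(void)
{
    /* Constructed samples: same dimensions, different row layouts. */
    struct bitmap_info samples[] = {
        { 64, 64, 64 * 4, FORMAT_RGBA_8888 }, /* genuine RGBA */
        { 64, 64, 64 * 2, FORMAT_RGB_565 },   /* fails check 1 */
        { 64, 64, 64 * 2, FORMAT_RGBA_8888 }, /* claims RGBA, fails check 2 */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu: accepted=%d row_overrun=%" PRIu64 " bytes\n", i,
               bitmap_is_rgba8888(&samples[i]), row_overrun(&samples[i]));
    return 0;
}
```

The third sample shows why the format check alone is not enough: the bitmap reports RGBA but its rows are half as wide as a 4-bytes-per-pixel loop expects, and only the size check rejects it.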