WhatsApp Has Patched a Security Hole That Could Expose Sensitive User Data

Furqan Shahid
WhatsApp Has Patched a Security Hole That Could Expose Sensitive User Data
Credits: Unsplash/Adem Ay

WhatsApp has recently patched a pretty big vulnerability that could have exposed sensitive user data. Security researchers discovered this vulnerability that could be exploited simply by opening an attachment that contained a malicious image file, which would have resulted in the user information and data being exposed.

Thankfully, the more recent versions of WhatsApp now check the integrity of the image that has been edited with filters to ensure that the user's safety is intact and no attempts are being made to access the data.

Related StoryFurqan Shahid
Galaxy S23 Ultra Said to Have a Larger Ultrasonic Fingerprint Sensor

A WhatsApp Vulnerability That Existed Since Last November Has Finally Been Patched

With over 2 billion active users, WhatsApp is one of the biggest messaging platforms at the moment. The Facebook-owned service does promise to be one of the safest. It has many features such as end-to-end encryption and more that will keep your messages and calls private. However, security vulnerabilities still manage to exist one way or another.

The latest vulnerability in WhatsApp was discovered by Check Point Research (CPR), and according to them, this vulnerability could have been used to access user data.

The "Out-of-Bounds read-write" flaw is related to WhatsApp's image filter functionality, and this could have allowed an attacker to read sensitive user information from the app's memory. It "was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.”

CPR disclosed its findings to WhatsApp last November. Since then, subsequent updates to the app finally patched the hole and added two new image checks designed to identify filtered images and compare them with the source.

WhatsApp claims that they saw no evidence of any breaches, and CPR reports that a hack "would have required complex steps and extensive user interaction to exploit.” If you are still looking forward to keeping everything safe on your phone, make sure that you are running the WhatsApp version or later.

Deal of the Day