Check Point Research (CPR) announced on Thursday that it had discovered a security flaw in WhatsApp’s picture filter function that could have been exploited by attackers to read sensitive data, which the messaging network has since rectified.
“CPR exposed a security vulnerability in WhatsApp…An attacker could have exploited the vulnerability to read sensitive information from WhatsApp memory,” CPR said in a statement.
During its research, CPR discovered that switching between various filters on crafted GIF files caused WhatsApp to crash, and that the vulnerability was rooted in WhatsApp’s image filter function.
CPR identified memory corruption as the cause of one of the crashes. CPR quickly alerted WhatsApp, which assigned the vulnerability CVE-2020-1910 and described it as an out-of-bounds read and write issue.
To successfully exploit the vulnerability, an attacker would have needed to apply appropriate image filters to a specially crafted image and send the resulting image, it added.
“WhatsApp, with over two billion active users, might be a tempting target for cybercriminals. When we uncovered the security flaw, we immediately informed WhatsApp, who worked with us to issue a remedy. The result of our collaborative efforts is a safer WhatsApp for users globally,” said Oded Vanunu, Head of Products Vulnerabilities Research at Check Point.
When contacted, a WhatsApp spokesman stated the firm collaborates with security researchers on a daily basis “to improve the multiple ways WhatsApp safeguards people’s messages, and we appreciate Check Point’s efforts to study every area of our service.”
“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure,” the spokesperson added.