Don’t become a victim to this poisoned GIF

October 19th, 2019
Update 'Whatsapp'

Do you use Whatsapp on an Android device? If so, you'll want to upgrade to the latest version as soon as possible to steer clear of the poisoned GIF.

A critical vulnerability, CVE-2019-11932, allows hackers to access your chat logs and personal information by sending you a poisoned GIF.

The flaw is a double-free vulnerability, which triggers when free() is called twice with the same value as its argument inside the software. When this happens, memory in use can leak and become corrupted, opening the door to the execution of arbitrary code by a determined hacker.
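The double-free pattern described above, next to a hardened release routine, as an added example that is not WhatsApp's code or the researcher's: the `frame_buf` type and all function names are hypothetical. It goes slightly beyond the text by also covering a zero-size resize, a related way the same buffer can end up freed twice.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical pixel buffer owned by an image decoder (illustrative names). */
typedef struct {
    unsigned char *pixels;
    size_t len;
} frame_buf;

/* Vulnerable pattern, shown for contrast and never called here: the pointer
 * keeps its old address after free(), so any second cleanup path hands the
 * same address to free() again. */
void frame_release_unsafe(frame_buf *f) {
    free(f->pixels);
}

/* Hardened release: free once, then clear the owner's pointer.
 * free(NULL) is defined as a no-op, so repeated calls are harmless. */
void frame_release(frame_buf *f) {
    if (f == NULL) return;
    free(f->pixels);
    f->pixels = NULL;
    f->len = 0;
}

/* Hardened resize: a zero size is routed to frame_release() instead of
 * realloc(p, 0), whose behaviour is implementation-defined and may free p
 * while the caller still holds the old address. Returns 0 on success. */
int frame_resize(frame_buf *f, size_t new_len) {
    if (new_len == 0) { frame_release(f); return 0; }
    unsigned char *p = realloc(f->pixels, new_len);
    if (p == NULL) return -1;      /* old buffer is still valid and owned */
    f->pixels = p;
    f->len = new_len;
    return 0;
}

/* Constructed scenario: grow, shrink to zero twice, then release twice.
 * Returns 1 if the buffer ends up cleanly released. */
int release_twice_is_safe(void) {
    frame_buf f = { NULL, 0 };
    if (frame_resize(&f, 64) != 0) return 0;
    memset(f.pixels, 0xAB, f.len);
    frame_resize(&f, 0);
    frame_resize(&f, 0);           /* second zero-size request: no-op */
    frame_release(&f);
    frame_release(&f);             /* second release: free(NULL) */
    return f.pixels == NULL && f.len == 0;
}
```

Building the test with AddressSanitizer (`-fsanitize=address`) reports a double free immediately if `frame_release_unsafe` is ever swapped in for the hardened routine.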

The issue was discovered by an independent security researcher who goes by the name "Awakened." While his or her true identity is unknown, the technical specifications of the attack were published on GitHub, revealing that the bug triggers in two ways.

The first way requires a piece of malware code injected on a target Android device. This software generates a poisoned GIF used to hack Whatsapp via a collection of library data.

The second variant of the attack requires that a Whatsapp user be exposed to the poisoned GIF via other channels: the poisoned file is sent directly to the user or inserted into the user's gallery.

The company moved swiftly to patch the issue, and if you're running version 2.19.244 or later, you're fine. If you are running an older version, you should update it immediately. Better yet, set Whatsapp to receive automatic updates so issues like these won't plague you in the future.

Two things to keep in mind: First, this issue only seems to affect Whatsapp for Android. Second, so far, there's no evidence that the attack exists in the wild.

It pays to upgrade: now that the details of the attack are publicly available, it's only a matter of time before that changes.

