WhatsApp has recently patched a vulnerability in its image filter function that, if exploited, could lead to a user’s sensitive information being stolen.
This comes in a year when the Facebook messaging app has suffered from privacy woes. This began in early 2021 when it updated its policies that threatened to hand over user data to Facebook, which could further loan in out to third party advertisers.
This new flaw was spotted by cybersecurity firm Check Point Research but luckily got fixed on time after it was brought to the attention of WhatsApp’s developers. According to Check Point, there is a chance that no one got to notice and exploit it despite it existing for a long time.
The vulnerability was brought on as a result of WhatsApp’s image filter function; a feature present across both regular WhatsApp as well as WhatsApp Business versions. Check Point labelled it the Out of Bound Read-Write vulnerability. While the full extent and nature of the vulnerability are obviously not revealed, to prevent exploitation, a general understanding of its setup is available. This will also reveal why no one was able to pull off the exploit in the first place.
Basically, the exploit starts when a user sends in a picture that is designed to pass through the filter and corrupt WhatsApp’s memory. Then, that image with the filter applied would have to be sent back to the original malicious user.
Now, how will anyone ever convince the other user to send the filtered image back is tricky, to say the least. However, it’s still a problem that was brought to the design team attention and perhaps in the nick of time as well.