WhatsApp Exploit POC Allows Attackers to Hijack Chat Sessions Via Malicious GIFs

Heads up WhatsApp users! If you haven’t updated your WhatsApp yet, you must do it now as a serious security flaw exposes your chats to attackers. A security researcher has discovered an RCE vulnerability in WhatsApp that allows hijacking chat sessions simply by sending malicious GIFs.

According to the report shared by a researcher with the alias ‘Awakened’, a serious bug threatens the privacy of WhatsApp users. As discovered,  a double-free RCE vulnerability exists in WhatsApp Messenger exploiting which allows for hijacking chat sessions.

To exploit the flaw, an attacker would simply need to send a malicious GIF to the victim. An adversary could trigger the flaw in two ways.

First, via local privilege escalation through a malicious app installed on the target device. According to the researcher,

This would allow stealing files in WhatsApp sandbox.

Second, via remote code execution by sending a malicious GIF. As explained by the researcher,

When the recipient opens the Gallery view in WhatsApp, the GIF would trigger the remote shell on the target device:

You Might Also Like