Heads up, WhatsApp users! If you haven’t updated WhatsApp yet, you must do it now, as a serious security flaw exposes your chats to attackers. A security researcher has discovered an RCE vulnerability in WhatsApp that allows hijacking chat sessions simply by sending malicious GIFs.
According to a report shared by a researcher with the alias ‘Awakened’, a serious bug threatens the privacy of WhatsApp users. The researcher found a double-free RCE vulnerability in WhatsApp Messenger that, when exploited, allows hijacking chat sessions.
To exploit the flaw, an attacker would simply need to send a malicious GIF to the victim. An adversary could trigger the flaw in two ways.
First, via local privilege escalation through a malicious app installed on the target device. According to the researcher,
This would allow stealing files in the WhatsApp sandbox.
Second, via remote code execution by sending a malicious GIF. As explained by the researcher,
When the recipient opens the Gallery view in WhatsApp, the GIF would trigger the remote shell on the target device: