“The vulnerability is specific to WhatsApp for Android users, who share GIF image files to others”
WhatsApp for Android has a bug that may leave you exposed to hackers. The vulnerability, referred to as CVE-2019-11932, is specific to WhatsApp’s GIF feature, which is a hit among the users. According to a security researcher, the hackers use the GIF file to push malicious code to a victim’s phone, either via a message or email or even a third-party app. So when a user downloads a GIF file and then opens it again within the gallery on WhatsApp, the code runs a ‘remote code execution’ attack on the Android phone allowing the hacker to gain access and take control of the user’s data.
The bug is said to exist on WhatsApp version 2.19.244, per the security researcher called Awakened – who created and used a malicious GIF file to trigger the vulnerability to perform a Remote Code Execution (RCE) attack. It has also recommended WhatsApp users to download the latest version of the app on their Android devices. “WhatsApp users, please do update to latest WhatsApp version (2.19.244 or above) to stay safe from this bug,” the post says.
WhatsApp, meanwhile, has addressed the issue and claimed that there has been no reports of any attacks on users exploiting this vulnerability. In a statement to The Next Web, the company said, “this issue affects the user on the sender side, meaning the issue could, in theory, occur when the user takes action to send a GIF. The issue would impact their own device.”