WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted

[silversurfer]

A security vulnerability in WhatsApp’s pic-retouching function could allow an attacker to read sensitive information from the WhatsApp memory, researchers said – so users should be careful whose pics they view and should, of course, update their apps.
 
Disclosed by Check Point Research (CPR), the issue can be exploited by applying specific image filters to a specially crafted image (i.e., a malformed .GIF file) and sending it to a target. Image filters are of course the built-in visual-effects tools in WhatsApp used to change the color, saturation, tone, sharpness and more of a photo taken.
 
The bug (CVE-2020-1910) carries a 7.8 out of 10 rating on the CVSS vulnerability-severity scale. It’s due to a memory-corruption error, the firm said – and more specifically a heap-based, out-of-bounds read-and-write issue. Typically, this kind of vulnerability can allow attackers to read sensitive information from other memory locations or cause a crash.
 
“CPR learned that switching between various filters on crafted .GIF files indeed caused WhatsApp to crash,” according to a Thursday report.
 
“What’s important about this issue is that given a very unique and complicated set of circumstances, it could have potentially led to the exposure of sensitive information from the WhatsApp application,” according to CPR’s writeup.

Read more: WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted | Threatpost