WhatsApp finally fixes 'Out-Of-Bounds' data exposure vulnerability

With more than two billion active users, WhatsApp is the most used messenger app in the world. Any minor security glitch can have devasting impact on many people.

In 2019, a report emerged that several government agencies had hired Israeli-company NSO Group to spy on activists and journalists. The former had used the Pegasus tool to install spyware inside the targeted people's phones via WhatsApp.

The company patched soon after the discovery of the loophole in the messenger app and now, security experts at Check Point Research (CPR) have averted another disaster. They discovered 'Out-Of-Bounds' read-write vulnerability in WhatsApp.

It was found in WhatsApp image filter functionality. This would have hackers create an image laced with malicious code for remote execution via WhatsApp. It can be programmed to get triggered when a user opens an



attachment.

The security loophole was only known to the CPR experts and was duly alerted to WhatsApp in November 2020. However, the Facebook-owned company took its own sweet time to finally fix it.

"The issue, which has been patched and remains theoretical, would have required complex steps and extensive user interaction in order to exploit and could have allowed an attacker to read sensitive information from WhatsApp memory," Check Point Research experts said.

WhatsApp recently rolled out the new software patch v2.21.1.13 to WhatsApp for Android and Webdesk versions.

If you haven't updated your WhatsApp, do it now. You can manually do it by going to App Store >> type WhatsApp >> tap on the Update button.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.