Update now: WhatsApp bug allows malicious GIF to steal user data
A security researcher using the moniker “Awakened” has uncovered a security flaw in WhatsApp that could make it possible for hackers to steal data from devices running the popular messaging app merely by targeting users with nefarious GIFs. After a malicious image is sent to the victim’s phone, it will wait for the user to open the WhatsApp gallery. This will trigger the exploit and enable the GIF file to open up a remote shell that can be used by the attack to explore and exploit the device.
The vulnerability, tracked as CVE-2019-11932, is relatively easy to exploit and impacts all WhatsApp versions until 2.19.230 that run on Android 8.1 or 9. Affected users are urged to update WhatsApp to the latest version as soon as possible.