Facebook-owned messaging service WhatsApp has patched a vulnerability that could have caused user data to be exposed.
First identified in November 2020 by Check Point Research, the vulnerability “could have allowed an attacker to read sensitive data from WhatsApp memory,” the information security researchers said.
According to Check Point, attackers would be required to take several complicated steps and communicate extensively with potential victims to exploit the weakness in the software.
“The vulnerability is related to the WhatsApp image filter functionality and was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker,” they said.
WhatsApp was informed of the issue upon its discovery and provided a fix for it in February 2021.
“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix,” said Oded Vanunu, Check Point’s head of product vulnerabilities research.
The fix was made available in version 184.108.40.206. and includes two new tests on the source and filter image.
The company established that there was no evidence of the vulnerability being exploited.
WhatsApp, which announced last year that it has more than two billion users, recommended that users keep their apps and software up to date.