CPR标记安全漏洞后,WhatsApp修复了图像过滤器中的问题

“心肺复苏术确认其中一起事故是记忆损坏。CPR迅速将该问题报告给WhatsApp,后者将该漏洞命名为CVE-2020-1910,并将其详细描述为越权读写问题。”

CPR标记安全漏洞后,WhatsApp修复了图像过滤器中的问题新德里:检查研究CPR.)周四表示,该公司已标记出一个安全漏洞WhatsApp这一功能可能被攻击者利用来读取敏感信息,而这一问题现在已被消息传递平台修复。“心肺复苏暴露了WhatsApp的安全漏洞……攻击者可能利用该漏洞从WhatsApp的内存中读取敏感信息。”

该公司补充称,该漏洞根源于WhatsApp的图像过滤功能,在研究期间,CPR了解到,在精心制作的GIF文件上切换各种过滤器会导致WhatsApp崩溃。

“心肺复苏术确认其中一起事故是记忆损坏。CPR迅速将该问题报告给WhatsApp,后者将该漏洞命名为CVE-2020-1910,并将其详细描述为越权读写问题。”

它补充说,要想成功利用这一漏洞,攻击者需要对经过特殊处理的图像应用特定的图像过滤器,并发送生成的图像。

“WhatsApp拥有20多亿活跃用户,对攻击者来说可能是一个有吸引力的目标。我们发现安全漏洞后,迅速向WhatsApp报告了我们的发现,后者在发布修复时表现出了合作和协作。我们共同努力的结果是为全球用户打造一个更安全的WhatsApp,”产品漏洞研究Check Point负责人Oded Vanunu说。

当记者联系到WhatsApp时,该公司的一名发言人表示,该公司定期与安全研究人员合作,“以改善WhatsApp保护人们信息的多种方式,我们感谢Check Point对我们应用程序的每个角落所做的工作”。

“人们毫无疑问,船首发言人补充说:”人们应该毫无疑问继续使用预期的加密,而人们的信息保持安全和安全。“

请关注并联系我们FacebookLinkedin
\"WhatsAppNew Delhi: Check Point Research<\/a> (CPR<\/a>) on Thursday said it had flagged a security vulnerability in WhatsApp<\/a>'s image filter function that could have been exploited by attackers to read sensitive information, and the same has now been fixed by the messaging platform. \"CPR exposed a security vulnerability in WhatsApp...An attacker could have exploited the vulnerability to read sensitive information from WhatsApp memory,\" CPR said in a statement.

It added that the vulnerability was rooted in WhatsApp's image filter function and during its research study, CPR learned that switching between various filters on crafted GIF files caused WhatsApp to crash.

\"CPR identified one of the crashes as memory corruption. CPR promptly reported the problem to WhatsApp, who named for the vulnerability CVE-2020-1910, detailing it as an out-of-bounds read and write issue,\" it noted.