Skip to main content

Featured Post

AMD to invest $400 million in India by 2028: Here’s what we know

US chipmaker Advanced Micro Devices said on Friday it will invest around $400 million in India over the next five years and will build its largest design center in the tech hub of Bengaluru. AMD’s announcement was made by its Chief Technology Officer Mark Papermaster at an annual semiconductor conference that started Friday in Prime Minister Narendra Modi’s home state of Gujarat. Other speakers at the flagship event include Foxconn Chairman Young Liu and Micron CEO Sanjay Mehrotra. Despite being a late entrant, the Modi government has been courting investments into India’s nascent chip sector to establish its credentials as a chipmaking hub. AMD said it will open its new design centre campus in Bengaluru by end of this year and create 3,000 new engineering roles within five years. “Our India teams will continue to play a pivotal role in delivering the high-performance and adaptive solutions that support AMD customers worldwide,” Papermaster said. The new 500,000-square-foot (55,5...
1 comment
Read more
Labels

WhatsApp Out-Of-Bounds read-write vulnerability: How it could have led to sensitive data leakage

WhatsApp image filter function had a potential security flaw that could allow hackers to get hold of sensitive data. The major security vulnerability was discovered by security research firm Check Point Research (CPR). The research firm pointed out that the flaw rooted in the image filter function of WhatsApp for Android could be triggered when a user opened a maliciously crafted image file.

WhatsApp Out-Of-Bounds read-write vulnerability: What is it, how it could have led to sensitive data leakage

WhatsApp Out-Of-Bounds read-write vulnerability was unearthed by Check Point Research last year in November. The vulnerability cited to be a memory corruption issue caused the image filter function of the cross-messaging app to crash when it was used with some specially-designed GIF files.

The exploitation of the vulnerability would have “required complex steps and extensive user interaction,” the researchers at the cybersecurity firm pointed. The Facebook-owned company, however, refuted to have found any evidence that the vulnerability was ever abused.

According to CPR, the security flaw was triggered “when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker.”

While the issue was disclosed last year, WhatsApp took time to fix the issue and pushed an update via version 2.21.1.13 in February that added two new checks on source images and filter images to restrict memory access.

“Once we discovered the security vulnerability, we quickly reported our findings to WhatsApp, who was cooperative and collaborative in issuing a fix. The result of our collective efforts is a safer WhatsApp for users worldwide,” Oded Vanunu, Head of Products Vulnerabilities Research at Check Point stated.

WhatsApp, no doubt acknowledged the issue, released the security fix, and has listed the details of the vulnerability on its security advisories site as CVE-2020-1910.

“People should have no doubt that end-to-end encryption continues to work as intended and people’s messages remain safe and secure. This report involves multiple steps a user would have needed to take and we have no reason to believe users would have been impacted by this bug. That said, even the most complex scenarios researchers identify can help increase security for users, ” WhatsApp responding to Check Point Research said.

The cross-messaging platform has advised users to keep the app and OS up to date and download the updates as and when it is rolled out and report any malicious activity that they experience while using WhatsApp.

The post WhatsApp Out-Of-Bounds read-write vulnerability: How it could have led to sensitive data leakage appeared first on BGR India.



from BGR India https://ift.tt/3n038yc
via IFTTT
Email Post
Labels:

Comments

Post a Comment

add