Tuesday, May 28, 2024

WhatsApp Privacy Flaw – Delete for Everyone Feature Fails to Delete Media from iPhone

WhatsApp introduced ‘delete for everyone’ feature last year. this is a quite life-saving feature which let you recall the message that you sent accidentally.

Security Consultant Shitesh Sachan, noted that the feature was not working an intended with media files if the recipient using an iPhone and having WhatsApp feature Save to Camera Roll enabled.

This feature is available only for iPhone users and it can be enabled or enabled WhatsApp > Settings > Chats > Save to Camera Roll.

WhatsApp Feature Save to Camera Roll

The problem is that if a user having this feature enabled then automatically images will get saved in the device’s Camera Roll and it cannot be deleted. Because of security restriction with iOS that denies third-party apps in accessing device gallery without permission.

According to Shitesh Sachan findings shared with GBHackers On Security, if the sender accidentally posted a photo and if he wants to delete the message using ‘delete for everyone’ feature the message will get delete only from the Whatsapp chat thread and not from Gallery if the recipient uses the iOS device.

With the android device the feature works as intended, Whatsapp can delete the photo’s saved in the Gallery, but not with iOS device’s,

“WhatsApp should accept and tell to everybody that images will not get removed from Iphone users if they have enabled this feature or they should remove the item once user requested for that despite having that feature enabled,” Shitesh Sachan added.

The issue is more sensitive in the case of Whatsapp group’s that contains both iOS and Android users. If user A shared a confidential photo in the group, later he deletes the message using ‘delete for everyone’ feature it works only for Android devices and not for iOS devices.

WhatsApp explained in a statement shared to The Hacker News, that using ‘delete for everyone’ feature removes the media from the chat thread, but if the user selected to save with Camera Roll, then it is out of WhatsApp control.

WhatsApp possibly make changes in the future release, it is always safe to double-check the messages before sending it.

Related Read:

WhatsApp Web – A Complete Guide To Use on Windows, Mac, Linux

Israel Firm Linked With WhatsApp Spyware Hack Faces Lawsuit


Latest articles

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...

Hackers Exploit WordPress Plugin to Steal Credit Card Data

Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles