Monthly Archives: November 2019

Whatsapp Remote Code Execution Vulnerability

Category : Blog

Trending WhatsApp Remote Code Execution Vulnerability that let the Hackers hack Android Devices by using Just a GIF Image



A new WhatsApp vulnerability that has been discovered by a security researcher. In this vulnerability, a hacker can compromise user chat sessions, files, and messages through malicious GIFs. Today, this short looping clips, GIFs are everywhere – on social media, on your messaging applications, on your chats, helping users to express their emotions, making people laugh and make fun. Even people make gifs of themselves.

WhatsApp Messenger is a freeware, cross-platform messaging service owned by Facebook. It allows users to send text messages and voice messages, also make voice and video calls, and share images, documents, user locations, contacts, and other media and has a billion users across the globe. There is this security vulnerability, and it remained unpatched for months. And it potters that if this
vulnerability is exploited by the attacker then it could have the attacker to hack the device and steal user data. It is found in Android versions below 2.19.244.

What is WhatsApp RCE Vulnerability?

RCE is Remote Code Execution Vulnerability. It is a double-free vulnerability that lies in the Gallery view implementation. A double-free vulnerability is when the free() parameter is called twice on the same value and argument in the application. And in this case, the memory may leak or become corrupted, giving attackers all the
opportunity to overwrite elements. And it is generally used by developers to develop a preview whenever a user wants to upload or send the file to people.
The overwriting of the elements can simply happen with the payload which will be executed in the WhatsApp content. Which will give the permission to read and access the SDCard and message database? The Malicious code/Payload will have all the permissions of the WhatsApp like, audio recording, accessing the camera, accessing photos, contacts and files/documents. Even the sent box which will have all the data.

How is WhatsApp RCE Vulnerability exploited?

This vulnerability is exploited by the hackers, wherein the hacker needs to send a specially crafted malicious GIF file to targeted Android phones via any online communication channel and then wait for a gallery by tapping the Paperclip Button or the attachment icon in WhatsApp.

The target here said, “WhatsApp shows the preview of all media like photos, GIFs including the ones that are received. And due to which double-free vulnerability and RCE exploit is triggered.” The security flaw is patched with CVE-2019-11932, the exploit is titled as WhatsApp 2.19.216 – Remote Code Execution
The vulnerability has been patched in the new updates of WhatsApp. But if the users are using the versions 2.19.244 or below than that, then it is highly recommended the users to update their WhatsApp app to the latest version from the Google Play Store as soon as possible.



Category : Blog


Python is not mostly used language but it is well designed as compare to other language and delivers many features that can help a newcomers to became a good developer and establish developer can switch to python. As compared to other language like C , C++ and java Python is constantly growing.  As a language, it is aspect-oriented which means there are modules with different functionality. So first the developer has to create the modules and afterwards, based on the “if then” action, depending on the user’s action, the algorithm triggers a particular block and brings the result. The Python language has a variety of uses in the software field, but developers are mostly dealing with backend components, connecting applications and giving support to frontend developers in web applications. Of course, you might create applications with use of different languages but pretty often Python is the language chosen for it – and there are reasons for that!




Lets talk about the skills now ! What are the technical and soft skills you need became a good developer ?


Quite obvious, Python is the main language which you are going to use at work to finish the project. Fortunately, if you are a developer but focused on other languages, the language switch might come with ease. Python is the general-purpose programming language with constantly increasing demand for. Due to relatively easy learning path, it is beginner-friendly and definitely experienced-developer-friendly as well! There is no need to know each module but at least, regardless of basic syntax and semantics, the differences between Python 2 and 3. A good Python dev can smoothly adjust to those, however, it is not a big deal because the distinction is rarely required. It is also advisable to know python’s data structures. While you do not have to learn by heart how to implement a b-tree, knowing what lies under the hood of a set, dict or list will come in handy both in small and big projects.


Frameworks for Python


Frameworks for Python :  

Knowing Python frameworks is a must, however, it doesn’t mean that a Python developer has to know them all. Depending on the project you may be asked to know one or another, used are Django, Flask, and CherryPy.  Undoubtedly, if you already know Python, you had a chance to work with at least one of the most popular frameworks! The basic and well-defined structure offered by the frameworks is usually appreciated by devs while figuring out the core logic of the application.



ORM library familiarity


ORM library familiarity :  

Using and connecting application through an ORM (Object Relational Mapper) like SQLAlchemy, Django ORM and so on is easier, faster and more efficient than writing SQL – which means, more likely it is preferred by the team. Good to have it in your skillset!


Basic knowledge of front-end technologies :  

Very often any python developer has to cooporate with frontend team to make match the server side with the client-side . Now its important to understand how the frontend works , what’s possible and what’s not , how the application is going to appear. But Of course, in proper agile software houses, there is also a UX team, project/product manager and SCRUM master to coordinate the workflow. It doesn’t mean that a frontend is a must-know for a Python dev but definitely, in some projects, this kind of knowledge and experience is more than welcome.


AI and Machine Learning  :

This will be a huge plus for you if you know what is it about! AI and Machine Learning (as well as deep learning) are constantly growing as a field – Python is a perfect programming language for that. If you are into data science, then definitely digging in the Machine Learning topic would be a great idea.


Python Libraries :

Libraries make a developer’s life easier, the team’s workflow more efficient and task’s execution way faster. Depending on the projects nature, it is better to know the libraries which are going to help you in everyday work. Python, as a community-based programming language, has an answer to almost any possible request. Some of the library function like Requests , Scrapy , Wxpython , Pillow , SQLAlchemy and so on.


Version control :

Keeping track of every change made to the file to later on source the code is a must-know for each developer! In most of the job offers you can see this as a requirement – thankfully it is not difficult to get familiar with and if you have been coding since a while, you have properly set your GitHub and terms like “push, fork, pull, commit” are not random words for you.


Communication :

Let’s not forget that a developer’s work is not only typing the lines of code! In best software development firms the teams are made out of amazing programmers which work together to achieve the final goal – no matter if it means to finish the project, to create a new app or maybe to help a startup skyrocket. However, working in a team means that a developer has to communicate well – not only to get the stuff done but also to keep the documentation clear so others can easily read and follow the thinking path to fully understand the idea.


Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore