Category : Blog
Trending WhatsApp Remote Code Execution Vulnerability that let the Hackers hack Android Devices by using Just a GIF Image
A new WhatsApp vulnerability that has been discovered by a security researcher. In this vulnerability, a hacker can compromise user chat sessions, files, and messages through malicious GIFs. Today, this short looping clips, GIFs are everywhere – on social media, on your messaging applications, on your chats, helping users to express their emotions, making people laugh and make fun. Even people make gifs of themselves.
WhatsApp Messenger is a freeware, cross-platform messaging service owned by Facebook. It allows users to send text messages and voice messages, also make voice and video calls, and share images, documents, user locations, contacts, and other media and has a billion users across the globe. There is this security vulnerability, and it remained unpatched for months. And it potters that if this
vulnerability is exploited by the attacker then it could have the attacker to hack the device and steal user data. It is found in Android versions below 2.19.244.
What is WhatsApp RCE Vulnerability?
RCE is Remote Code Execution Vulnerability. It is a double-free vulnerability that lies in the Gallery view implementation. A double-free vulnerability is when the free() parameter is called twice on the same value and argument in the application. And in this case, the memory may leak or become corrupted, giving attackers all the
opportunity to overwrite elements. And it is generally used by developers to develop a preview whenever a user wants to upload or send the file to people.
The overwriting of the elements can simply happen with the payload which will be executed in the WhatsApp content. Which will give the permission to read and access the SDCard and message database? The Malicious code/Payload will have all the permissions of the WhatsApp like, audio recording, accessing the camera, accessing photos, contacts and files/documents. Even the sent box which will have all the data.
How is WhatsApp RCE Vulnerability exploited?
This vulnerability is exploited by the hackers, wherein the hacker needs to send a specially crafted malicious GIF file to targeted Android phones via any online communication channel and then wait for a gallery by tapping the Paperclip Button or the attachment icon in WhatsApp.
The target here said, “WhatsApp shows the preview of all media like photos, GIFs including the ones that are received. And due to which double-free vulnerability and RCE exploit is triggered.” The security flaw is patched with CVE-2019-11932, the exploit is titled as WhatsApp 2.19.216 – Remote Code Execution
The vulnerability has been patched in the new updates of WhatsApp. But if the users are using the versions 2.19.244 or below than that, then it is highly recommended the users to update their WhatsApp app to the latest version from the Google Play Store as soon as possible.