30 Oct


Today, short clips and GIFs are everywhere on social media, message boards and chats, helping users express their emotions, have fun, relax and highlight the meaning of a conversation. But what if an innocent-looking GIF greeting with a message such as Good morning, Happy Birthday or Merry Christmas could "hack" the phone in your hand?

WhatsApp (a cross-platform messaging app) recently patched an important security hole in its Android app, three months after it was discovered. If exploited, the hole can allow hackers to gain access to Android devices and potentially steal the files and resources on the device and, more seriously, chat messages or the accounts of other applications on the victim's device.

WhatsApp Remote Code Execution Vulnerability

The vulnerability, published with the ID CVE-2019-11932, is a "double-free" vulnerability, which simply means calling the free function twice on the same dynamically allocated heap memory in C. The flaw is not in the source code of the WhatsApp application itself but in the open source library that WhatsApp uses to process photos.
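To make the term concrete, the following added example (not code from WhatsApp, the affected library, or the original article) goes beyond the text to show one common way a double free arises in image-handling C code, next to a hardened form. The `preview_buf` type and all function names are hypothetical, and the frame sizes are constructed sample input.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical preview buffer that is reused for every frame of an image. */
typedef struct {
    uint8_t *pixels;   /* owned heap buffer, NULL when nothing is allocated */
    size_t   size;     /* bytes currently allocated */
} preview_buf;

/* UNSAFE pattern (never called here): many allocators treat realloc(p, 0) as
 * free(p). The stale pointer stays in b->pixels, so a second zero-sized frame
 * or the final cleanup frees the same chunk again: a double free. */
int resize_unsafe(preview_buf *b, size_t w, size_t h) {
    uint8_t *p = realloc(b->pixels, w * h);   /* w*h may be 0 or overflow */
    if (p == NULL) return -1;                 /* b->pixels may now dangle */
    b->pixels = p;
    b->size = w * h;
    return 0;
}

/* Hardened: reject empty or overflowing dimensions before touching the heap. */
int resize_safe(preview_buf *b, size_t w, size_t h) {
    if (w == 0 || h == 0 || w > SIZE_MAX / h) return -1;
    uint8_t *p = realloc(b->pixels, w * h);
    if (p == NULL) return -1;                 /* old buffer is still valid */
    b->pixels = p;
    b->size = w * h;
    return 0;
}

/* Hardened: release once and clear the pointer; free(NULL) is a no-op, so a
 * repeated call cannot free the same chunk twice. */
void release(preview_buf *b) {
    free(b->pixels);
    b->pixels = NULL;
    b->size = 0;
}

/* Constructed frame sequence: valid, zero-height, zero-width, valid.
 * Returns the number of rejected frames, or -1 if the buffer state is wrong. */
int demo(void) {
    preview_buf b = { NULL, 0 };
    int rejected = 0;
    size_t frames[4][2] = { {4, 4}, {8, 0}, {0, 8}, {2, 2} };
    for (int i = 0; i < 4; i++)
        if (resize_safe(&b, frames[i][0], frames[i][1]) != 0) rejected++;
    int ok = (b.size == 4 && b.pixels != NULL);
    release(&b);
    release(&b);   /* second call is harmless */
    return (ok && b.pixels == NULL) ? rejected : -1;
}
```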

Discovered by Vietnamese security researcher Pham Hong Nhat in May this year, this vulnerability leads to remote code execution (RCE) attacks, allowing attackers to execute arbitrary code on mobile devices that use WhatsApp.

“Payload (exploit code) is executed in the WhatsApp context. Therefore, it has the right to read the SDCard and access the WhatsApp message database,” the author answered in an interview with Thehackernews.

“The malicious code will have all the rights that WhatsApp has, including recording, accessing the camera, accessing the file system, as well as WhatsApp's sandbox files including messaging facilities and chats protected by the application, etc.”

How does this flaw work?

WhatsApp uses a parsing library to create a preview of GIF files when users open the gallery on their device before sending them to friends or family.

So this flaw cannot be triggered simply by sending a malicious GIF file to the victim. Instead, it is triggered when the victim opens the WhatsApp Gallery Picker to send photos to others.

Readers can view PoC here:

To exploit this vulnerability, all an attacker needs to do is send a specially crafted malicious GIF (with malicious code inserted) to an Android user via any online channel and wait for the user to open the image gallery in WhatsApp.

However, if an attacker wants to send the GIF file to a victim via a messaging platform like WhatsApp or Messenger, they need to send that file as a document instead of a media attachment, because the image compression used by these services would distort the malicious code hidden in the image.

Affected application versions and patches

The flaw affects WhatsApp version 2.19.230 and earlier running on Android 8.1 and 9.0; it does not exist on Android 8.0 and below.

"In older versions of Android, the 'double-free' flaw could still be affected. However, because malloc is called by the system after calling free functions, the application can only be exploited when I control the registers on the PC," the researcher wrote.

Author Pham Hong Nhat told The Hacker News that he reported the vulnerability to Facebook, the owner of WhatsApp, in late July of this year, and the company developed a security patch in WhatsApp version 2.19.244, released in September.

Therefore, in order to protect your device against all risks from this vulnerability, you should update WhatsApp to the latest version from the Google Play Store as soon as possible.

In addition, because the vulnerability is in an open source library, any other Android application using the same affected library could be vulnerable to the same attack. The affected library, Android GIF Drawable, has also released version 1.2.18 to patch this "double-free" flaw.

WhatsApp for iOS is not affected by this vulnerability.

We will publish a technical analysis of this vulnerability; readers are invited to follow along.

Source: Thehackernews.com
