A new vulnerability has been discovered in WhatsApp which leverages malicious GIFS to compromise user chat sessions, files and messages.
The security flaw, referred to as CVE-2019-11932, is a double-free bug that exists in WhatsApp for Android in all versions below 2.19.244.
A double-free vulnerability occurs when the free() parameter is called twice on the same value & argument in software. This kind of bug could lead to memory leaking or becoming corrupted and this gives an attacker the chance to overwrite elements or even execute arbitrary code.
- WhatsApp attack allowed hackers to install surveillance tech
- Google boosts bug bounties for Play Store apps
- Hackers can alter WhatsApp chats to show fake information
The WhatsApp vulnerability was discovered by a researcher who goes by the handle “Awakened” who created and used a malicious GIF file to trigger the vulnerability to perform a Remote Code Execution (RCE) attack.
WhatsApp double-free vulnerability
In a technical writeup (opens in new tab) on GitHub, Awakened explained that the bug can be triggered in two ways. The first way requires that a malicious application is already installed on a target Android device and the app then creates a malicious GIF file used to steal files from WhatsApp by collecting library data.
The second attack method requires that a user be exposed to a malicious GIF's payload in WhatsApp either as an attachment or through other channels. However, if a GIF is sent directly through WhatsApp's Gallery Picker, the attack will fail. Once a user opens the Gallery View in WhatsApp, the GIF file will be parsed twice which will trigger a remote shell in the app and lead to RCE.
Android 8.1 and 9.0 are both exploitable using the flaw though versions of the OS below 8.0 are not. According to Awakened, the double-free bug can still be triggered in older versions of Android but a crash occurs before any malicious code can be executed.
The security researcher informed Facebook of the vulnerability which has since been patched in version 2.19.244 of WhatsApp. To prevent falling victim to this attack, it is highly recommended that all WhatsApp users update the app to the latest version.
- Also check out the best Android antivirus apps
Via ZDNet (opens in new tab)