10-04-2019 , 10:25 AM
Quote:A vulnerability in WhatsApp that can be used to compromise user chat sessions, files, and messages through malicious GIFs has been disclosed.
The security flaw, CVE-2019-11932, is a double-free bug found in WhatsApp for Android in versions below 2.19.244.
A double-free vulnerability is when the free() parameter is called twice on the same value & argument in software. Memory may then leak or become corrupted, giving attackers the opportunity to overwrite elements.
Such errors can lead to memory leaks, crashes, and the execution of arbitrary code.
In this case, as described by researcher "Awakened" who found the issue, all it took to trigger the vulnerability and perform a Remote Code Execution (RCE) attack was the creation of a malicious GIF file.
According to the researcher's technical writeup on GitHub, the bug can be triggered in two ways. The first, which leads to local privilege escalation, requires a malicious application to already be installed on a target Android device. The app then generates a malicious GIF file used to steal files from WhatsApp through the collection of library data.
The second attack vector requires a user to be exposed to the GIF payload in WhatsApp as an attachment or through other channels. (If a GIF is sent directly through WhatsApp's Gallery Picker, however, the attack will fail.) Once the Gallery View is opened in the messaging application, the GIF file will be parsed twice and trigger a remote shell in the app, leading to successful RCE.
Continue reading HERE