The WhatsApp application was reported yesterday as prone to vulnerabilities by security researcher Valerio Brussani on exploit sites.
According to the report shared by a researcher with the alias ‘Awakened’, a serious bug threatens the privacy of WhatsApp users. As discovered, a double-free RCE vulnerability exists in WhatsApp Messenger; exploiting it allows an attacker to hijack chat sessions. To exploit the flaw, an attacker would simply need to send a malicious GIF to the victim. An adversary could trigger the flaw in two ways. First, via local privilege escalation through a malicious app installed on the target device. According to the researcher,
“The app collects addresses of zygote libraries and generates a malicious GIF file that results in code execution in WhatsApp context.”
This would allow stealing files in the WhatsApp sandbox. Second, via remote code execution by sending a malicious GIF. As explained by the researcher,
“Pairing with an application that has a remote memory information disclosure vulnerability (e.g. browser), the attacker can collect the addresses of zygote libraries and craft a malicious GIF file to send it to the user via WhatsApp (must be as an attachment, not as an image through Gallery Picker).”
Update WhatsApp Now!
The vulnerability, CVE-2019-11932, discovered by Awakened allegedly affected WhatsApp versions until 2.19.230. It primarily posed a threat to Android 8.1 and 9.0. This is because, on Android versions before 8.1, triggering the exploit crashes the app before the attack can succeed.
“In the older Android versions, double-free could still be triggered. However, because of the malloc calls by the system after the double-free, the app just crashes before reaching to the point that we could control the PC register.”
After discovering the bug, the researcher reported the matter to Facebook for further action. Following his report, Facebook patched the flaw with WhatsApp version 2.19.244.
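For teams triaging a device inventory against the versions quoted above, the following is an added example, not code from the researcher or WhatsApp. The function names, verdict labels and sample inventory are hypothetical; the version boundaries are the ones stated in this article.

```python
import re

# Version boundaries as quoted in the article for CVE-2019-11932.
LAST_REPORTED_AFFECTED = (2, 19, 230, 0)  # "affected WhatsApp versions until 2.19.230"
FIRST_PATCHED = (2, 19, 244, 0)           # "patched ... with WhatsApp version 2.19.244"

def parse_version(text, width=4):
    """Parse a dotted numeric version into a fixed-width tuple of ints."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return (parts + (0,) * width)[:width]

def triage(whatsapp_version, android_version):
    """Classify one device; labels are this example's own, not vendor terms."""
    wa = parse_version(whatsapp_version)
    os_ver = parse_version(android_version)
    if wa >= FIRST_PATCHED:
        return "patched"
    if wa > LAST_REPORTED_AFFECTED:
        # Builds between the two quoted versions are not described in the article.
        return "update: build status not stated"
    if os_ver < (8, 1, 0, 0):
        # Per the researcher, the double-free still triggers but the app crashes.
        return "update: crash expected, not code execution"
    if os_ver < (10, 0, 0, 0):
        return "update urgently: Android 8.1/9.0 reported exploitable"
    return "update: Android release not covered by the report"

def triage_inventory(rows):
    """rows: iterable of (device_id, whatsapp_version, android_version)."""
    report = {}
    for device_id, wa, os_ver in rows:
        try:
            report[device_id] = triage(wa, os_ver)
        except ValueError as exc:
            report[device_id] = f"manual review: {exc}"
    return report

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = [
    ("dev-a", "2.19.230", "9"),
    ("dev-b", "2.19.216", "8.0.0"),
    ("dev-c", "2.19.244", "8.1.0"),
    ("dev-d", "2.19.235", "9"),
    ("dev-e", "2.19.2xx", "9"),
]

if __name__ == "__main__":
    for device, verdict in triage_inventory(SAMPLE).items():
        print(device, "->", verdict)
```

Every verdict other than "patched" still means the device should be updated; the labels only order the work.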