What is the security bug attacking WhatsApp

A New WhatsApp RCE vulnerability let the hackers hack your android devices using GIFs

A new WhatsApp vulnerability has been discovered by a security researcher. In this vulnerability, a hacker can hack any android device just by sending GIFs through WhatsApp.

WhatsApp is one of the leading messenger apps that is owned by Facebook and has a billion users across the globe. It can be run on both Android and iOS devices.

There was a security vulnerability, and it remained unpatched for months. And it is said that if this vulnerability is exploited then it could have the attacker to hack the device and steal data.

What is WhatsApp RCE Vulnerability?

RCE is Remote Code Execution Vulnerability. It is a double-free vulnerability that lies in the Gallery view implementation. And it is generally used to develop a preview whenever a user which to upload or send the file to others.

How is WhatsApp RCE Vulnerability exploited?

This vulnerability is exploited by the attackers, in which the attacker needs to send a GIF file to the targeted Android phones and the user has to only open a gallery by tapping the Paper Clip Button or the attachment icon in WhatsApp.

Attack Vectors of WhatsApp Double-free vulnerability:

This Double-free vulnerability can be exploited by using two different attack vectors. Both of them are listed below:

  1. Local Privilege Escalation: In this method, the attacker has to install an app into the targeted Android device. Then this app will automatically gather the addresses of zygote libraries and can develop a malicious GIF on its own. And once this GIF is executed/used, it can steal data from the victim’s WhatsApp account.

 

  1. Remote Code Execution (RCE): In this vector, a hacker can attach with the applications that are used to browse the internet such as a browser, that has a vulnerability  (named remote memory information vulnerability)  in order to retrieve the addresses of zygote libraries and can develop a harmful GIF. Afterward, he will just send that GIF to the targeted device/user with an attachment format. And once the user opens the gallery view via WhatsApp then the device is compromised and the data is stolen.

Awakened said,” WhatsApp shows the preview of every media like photos, GIFs including the ones that are received, by default. And due to which double-free vulnerability and RCE exploit is triggered.”

The vulnerability has been patched in the new updates but if you’re the ones with the versions 2.19.244 or below than that, then it is highly recommended to you to update your WhatsApp app as soon as possible.

ALSO READ