A New WhatsApp RCE Vulnerability Lets Hackers Compromise Android Devices Using GIFs
A security researcher has discovered a new WhatsApp vulnerability that allows a hacker to compromise any Android device just by sending a GIF through WhatsApp.
WhatsApp is one of the leading messenger apps. It is owned by Facebook, has a billion users across the globe, and runs on both Android and iOS devices.
The security vulnerability remained unpatched for months. If exploited, it could allow the attacker to hack the device and steal data.
What is WhatsApp RCE Vulnerability?
RCE stands for Remote Code Execution. The flaw is a double-free vulnerability (a memory-corruption bug in which the same block of memory is freed twice) in WhatsApp's Gallery view implementation, which is used to generate a preview whenever a user wishes to upload or send a file to others.
How is WhatsApp RCE Vulnerability exploited?
To exploit this vulnerability, the attacker sends a GIF file to the targeted Android phone. The user only has to open the gallery by tapping the Paper Clip button (the attachment icon) in WhatsApp.
Attack Vectors of WhatsApp Double-free vulnerability:
This double-free vulnerability can be exploited through two different attack vectors:
- Local Privilege Escalation: In this method, the attacker has to install an app on the targeted Android device. The app automatically gathers the addresses of zygote libraries and generates a malicious GIF on its own. Once this GIF is processed, it can steal data from the victim's WhatsApp account.
- Remote Code Execution (RCE): In this vector, a hacker pairs the attack with an application used to browse the internet, such as a browser, that has a vulnerability (a remote memory information vulnerability) in order to retrieve the addresses of zygote libraries and generate a harmful GIF. The attacker then sends that GIF to the targeted user as an attachment. Once the user opens the gallery view in WhatsApp, the device is compromised and the data is stolen.
Awakened said, “WhatsApp shows the preview of every media, like photos and GIFs, including the ones that are received, by default. And due to this, the double-free vulnerability and RCE exploit are triggered.”
The vulnerability has been patched in the new updates, but if you are running version 2.19.244 or below, it is highly recommended that you update WhatsApp as soon as possible.
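To check a fleet of devices against the version threshold stated above, the following added example (not from the original article or from WhatsApp) parses the `versionName` field from `adb shell dumpsys package com.whatsapp` output and compares it numerically. The device names and dumpsys excerpts are constructed sample data, and the function names are hypothetical.

```python
import re

# Highest affected version according to the article ("2.19.244 or below").
LAST_AFFECTED = "2.19.244"

def parse_version(text):
    """Turn '2.19.244' into (2, 19, 244) so each field compares as a number."""
    return tuple(int(part) for part in text.strip().split("."))

def extract_version_name(dumpsys_output):
    """Pull versionName from `dumpsys package com.whatsapp` output, or None."""
    match = re.search(r"^\s*versionName=(\d+(?:\.\d+)*)", dumpsys_output, re.MULTILINE)
    return match.group(1) if match else None

def needs_update(version_name):
    # Tuple comparison is numeric per field. A plain string comparison would
    # rank "2.19.98" above "2.19.244" and wrongly report it as patched.
    return parse_version(version_name) <= parse_version(LAST_AFFECTED)

def audit(inventory):
    """inventory maps device id -> dumpsys text; returns device id -> status."""
    report = {}
    for device, output in inventory.items():
        version = extract_version_name(output)
        if version is None:
            report[device] = "unknown"          # not installed or unparsable
        elif needs_update(version):
            report[device] = "update-required"
        else:
            report[device] = "ok"
    return report

# Constructed sample input (illustrative dumpsys excerpts, not real captures).
SAMPLE_INVENTORY = {
    "device-a": "Package [com.whatsapp]\n    versionCode=1 minSdk=15\n    versionName=2.19.98\n",
    "device-b": "Package [com.whatsapp]\n    versionCode=2 minSdk=15\n    versionName=2.19.244\n",
    "device-c": "Package [com.whatsapp]\n    versionCode=3 minSdk=15\n    versionName=2.19.275\n",
    "device-d": "Unable to find package: com.whatsapp\n",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(device, status)
```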