Categories: AndroidVulnerability

GIF Processing Vulnerability That Present in WhatsApp Also Affects More Than 28,300 Android Apps

WhatsApp recently patched a vulnerability that allows remote attackers to execute arbitrary code or cause a DoS situation. The vulnerability can be tracked as CVE-2019-11932.

The vulnerability resides “libpl_droidsonroids_gif” library which is the part of the android-gif-drawable package. The library is responsible for providing Views and Drawable for displaying animated GIFs on Android.

The vulnerability was patched with version 2.19.244, affected version 1.2.15, but the problem is, still several apps that use the old version are under risk.

Double-free Bug

The vulnerability was discovered by security researcher Awakened in WhatsApp and he managed to convert the double-free bug to an RCE.

Facebook acknowledged the vulnerability and patched with WhatsApp version 2.19.244 or above, users are recommended to update with a new version to stay safe.

An attacker could exploit this vulnerability by sending a crafted zip file that contains three frames with sizes 100, 0 and 0. With Android double-free of the memory size leads to double-free vulnerability.

  • After the first re-allocation, we have info->rasterBits buffer of size 100.
  • In the second re-allocation of 0, info->rasterBits buffer is freed.
  • In the third re-allocation of 0, info->rasterBits is freed again.

Trend Micro has published a video demonstrating the vulnerability.

Impact of the vulnerability

Earlier it was mentioned only the WhatsApp was affected, but there are more than 28,300 Android Apps that use android-gif-drawable are under risk. These apps are in Google play and with other third-party stores.

According to the Trend Micro report, “As it turned out, quite a few. On Google Play alone, we found more than 3,000 applications with this vulnerability. We also found many other similar apps hosted on third-party app stores such as 1mobile, 9Apps, 91 market, APKPure, Aptoide, 360 Market, PP Assistant, QQ Market, and Xiaomi Market.”

Here you can find the list of vulnerable apps. If you use any one of the vulnerable apps that it may let an attacker to exploit the vulnerability and to take control over the device.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

1 day ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

2 days ago

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…

2 days ago

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…

2 days ago

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…

2 days ago

New Python NodeStealer Attacking Facebook Business To Steal Login Credentials

NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…

2 days ago