Friday, March 29, 2024

New WhatsApp RCE Vulnerability Let Remote Hackers Steal the Files in Your Android Phone Using Malformed GIF’s

A security researcher discovered a critical Double-free vulnerability in WhatsApp allows remote attackers to take control of your Android phone and Steal the files by sending malformed GIFs.

Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messanger apps with more than Billion users around the world in both Android and iPhone.

The researcher found that the Double-free vulnerability that resides in the WhatsApp‘s Gallery view implementation, which is mainly used to generate a preview for media such as images, videos, and GIFs.

To Exploit this double-free vulnerability, the attacker sends a GIF file to the targeted Android device via any channels and the user just needs to open a gallery via pressing the Paper Clip button in WhatsApp.

A researcher with the nickname of Awakened, find this Double-free vulnerability in WhatsApp said through his Technical Writeup “user does not have to send anything because just opening the WhatsApp Gallery will trigger the bug. No additional touch after pressing WhatsApp Gallery is necessary.”

WhatsApp Double-free vulnerability Attack Vectors

Attackers can exploit this vulnerability using two different attack vectors that are both local privilege escalation and remote code execution on victims’ Android devices.

With Local privilege Escalation, the Attacker will install a malicious app in the victims’ Android Phone, and the app can collect addresses of zygote libraries and generates a malicious GIF file.

Once the Malicious GIF file implant to the Android devices, it can execute the code in the WhatsApp context and app eventually steal the files from WhatsApp sandbox that includes a message database.

In Remote code execution Attack Vector, Attackers can abuse and pair with the application such as a browser that has remote memory information disclosure vulnerability to collect the addresses of zygote libraries and craft a malicious GIF file.

Later he will send the malicious GIF file to the targeted victims via WhatsApp with the format of the attachment( not as an image through Gallery Picker).

Once the user will open the gallery view through WhatsApp, The malicious GIF file will eventually trigger the remote shell in the WhatsApp context.

RCE Exploit Demonstration

Awakened create a proof-of-concept for this Whatsapp Double-free vulnerability and demonstrate the attack in the below video.

In this Video Demo, We could see that the malicious GIF file received and the file can be received the file via any medium.

The Corrupted GIF file is downloaded automatically without any user interaction in the victims mobile.

If the victims want to send any media file to his friends, he needs to tap the Paper clip button and opens the WhatsApp Gallery to choose a media file to send to his friend.

Since the bug resides in the WhatsApp‘s Gallery view implementation, the user does not have to send anything because just opening the WhatsApp Gallery will trigger the bug without any additional touch.

“By default, WhatsApp shows previews of every media (including the GIF file received), it will trigger the Whatsapp Double-free vulnerability and our RCE exploit.” Awakened said.

The vulnerability has been successfully tested in Android 8.1 and 9.0 and if you’re using any below than WhatsApp version 2.19.244 then its times to update your WhatsApp Immediately.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Also Read: WhatsApp Privacy Flaw – Delete for Everyone Feature Fails to Delete Media from iPhone

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles