Saturday, April 13, 2024

New WhatsApp RCE Vulnerability Let Remote Hackers Steal the Files in Your Android Phone Using Malformed GIF’s

A security researcher discovered a critical Double-free vulnerability in WhatsApp allows remote attackers to take control of your Android phone and Steal the files by sending malformed GIFs.

Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messanger apps with more than Billion users around the world in both Android and iPhone.

The researcher found that the Double-free vulnerability that resides in the WhatsApp‘s Gallery view implementation, which is mainly used to generate a preview for media such as images, videos, and GIFs.

To Exploit this double-free vulnerability, the attacker sends a GIF file to the targeted Android device via any channels and the user just needs to open a gallery via pressing the Paper Clip button in WhatsApp.

A researcher with the nickname of Awakened, find this Double-free vulnerability in WhatsApp said through his Technical Writeup “user does not have to send anything because just opening the WhatsApp Gallery will trigger the bug. No additional touch after pressing WhatsApp Gallery is necessary.”

WhatsApp Double-free vulnerability Attack Vectors

Attackers can exploit this vulnerability using two different attack vectors that are both local privilege escalation and remote code execution on victims’ Android devices.

With Local privilege Escalation, the Attacker will install a malicious app in the victims’ Android Phone, and the app can collect addresses of zygote libraries and generates a malicious GIF file.

Once the Malicious GIF file implant to the Android devices, it can execute the code in the WhatsApp context and app eventually steal the files from WhatsApp sandbox that includes a message database.

In Remote code execution Attack Vector, Attackers can abuse and pair with the application such as a browser that has remote memory information disclosure vulnerability to collect the addresses of zygote libraries and craft a malicious GIF file.

Later he will send the malicious GIF file to the targeted victims via WhatsApp with the format of the attachment( not as an image through Gallery Picker).

Once the user will open the gallery view through WhatsApp, The malicious GIF file will eventually trigger the remote shell in the WhatsApp context.

RCE Exploit Demonstration

Awakened create a proof-of-concept for this Whatsapp Double-free vulnerability and demonstrate the attack in the below video.

In this Video Demo, We could see that the malicious GIF file received and the file can be received the file via any medium.

The Corrupted GIF file is downloaded automatically without any user interaction in the victims mobile.

If the victims want to send any media file to his friends, he needs to tap the Paper clip button and opens the WhatsApp Gallery to choose a media file to send to his friend.

Since the bug resides in the WhatsApp‘s Gallery view implementation, the user does not have to send anything because just opening the WhatsApp Gallery will trigger the bug without any additional touch.

“By default, WhatsApp shows previews of every media (including the GIF file received), it will trigger the Whatsapp Double-free vulnerability and our RCE exploit.” Awakened said.

The vulnerability has been successfully tested in Android 8.1 and 9.0 and if you’re using any below than WhatsApp version 2.19.244 then its times to update your WhatsApp Immediately.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Also Read: WhatsApp Privacy Flaw – Delete for Everyone Feature Fails to Delete Media from iPhone


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles