New WhatsApp RCE Vulnerability Let Hackers Steal the Files in Your Android Phone Using Malformed GIF’s is new Cyber Attack in Tech World.
Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messanger apps with more than Billion users around the world in both Android and iPhone.
Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight.
But what if an innocent-looking GIF greeting with Good morning, Happy Birthday, or Happy Diwali message hacks your smartphone? Well, thats true and now hackers can steal your all data through this GIFs.
WhatsApp has recently patched a critical security vulnerability in its app for Android, which remained unpatched for at least 3 months after being discovered, and if exploited, could have allowed remote hackers to compromise Android devices and potentially steal files and chat messages.
Once the Malicious GIF file implant to the Android devices, it can execute the code in the WhatsApp context and app eventually steal the files from WhatsApp sandbox that includes a message database.
In Remote code execution Attack Vector, Attackers can abuse and pair with the application such as a browser that has remote memory information disclosure vulnerability to collect the addresses of zygote libraries and craft a malicious GIF file.
How Does WhatsApp RCE Demonstration Work?
WhatsApp uses the parsing library in question to generate a preview for GIF files when users open their device gallery before sending any media file to their friends or family.
Thus, to be noted, the vulnerability does not get triggered by sending a malicious GIF file to a victim; instead it gets executed when the victim itself simply opens the WhatsApp Gallery Picker while trying to send any media file to someone.
Since the bug resides in the WhatsApp‘s Gallery view implementation, the user does not have to send anything because just opening the WhatsApp Gallery will trigger the bug without any additional touch.
“By default, WhatsApp shows previews of every media (including the GIF file received), it will trigger the Whatsapp Double-free vulnerability and our RCE exploit.” Awakened said.
The vulnerability has been successfully tested in Android 8.1 and 9.0 and if you’re using any below than WhatsApp version 2.19.244 then its times to update