GIF Processing Vulnerability That Present in WhatsApp Also Affects More Than 28,300 Android Apps
November 28, 2019
CCME (4607 articles)
Share

GIF Processing Vulnerability That Present in WhatsApp Also Affects More Than 28,300 Android Apps

Double-free Bug

WhatsApp recently patched a vulnerability that allows remote attackers to execute arbitrary code or cause a DoS situation. The vulnerability can be tracked as CVE-2019-11932.

The vulnerability resides “libpl_droidsonroids_gif” library which is the part of the android-gif-drawable package. The library is responsible for providing Views and Drawable for displaying animated GIFs on Android.

The vulnerability was patched with version 2.19.244, affected version 1.2.15, but the problem is, still several apps that use the old version are under risk.

Double-free Bug

The vulnerability was discovered by security researcher Awakened in WhatsApp and he managed to convert the double-free bug to an RCE.

Facebook acknowledged the vulnerability and patched with WhatsApp version 2.19.244 or above, users are recommended to update with a new version to stay safe.

An attacker could exploit this vulnerability by sending a crafted zip file that contains three frames with sizes 100, 0 and 0. With Android double-free of the memory size leads to double-free vulnerability.

  • After the first re-allocation, we have info->rasterBits buffer of size 100.
  • In the second re-allocation of 0, info->rasterBits buffer is freed.
  • In the third re-allocation of 0, info->rasterBits is freed again.

Trend Micro has published a video demonstrating the vulnerability.

Impact of the vulnerability

Earlier it was mentioned only the WhatsApp was affected, but there are more than 28,300 Android Apps that use android-gif-drawable are under risk. These apps are in Google play and with other third-party stores.

According to the Trend Micro report, “As it turned out, quite a few. On Google Play alone, we found more than 3,000 applications with this vulnerability. We also found many other similar apps hosted on third-party app stores such as 1mobile, 9Apps, 91 market, APKPure, Aptoide, 360 Market, PP Assistant, QQ Market, and Xiaomi Market.”

Here you can find the list of vulnerable apps. If you use any one of the vulnerable apps that it may let an attacker to exploit the vulnerability and to take control over the device.

This post GIF Processing Vulnerability That Present in WhatsApp Also Affects More Than 28,300 Android Apps originally appeared on GB Hackers.

Read More

Related articles

Microsoft Patch Tuesday Tops 100 CVEs For Third Month

Microsoft Patch Tuesday Tops 100 CVEs For Third Month

Digital Growth Exposes Firms to Complexity and Threats

Digital Growth Exposes Firms to Complexity and Threats

City of Los Angeles Teams Up with IBM to Fight Cybercrime

City of Los Angeles Teams Up with IBM to Fight Cybercrime