
GIF PROCESSING VULNERABILITY THWACKING ANDROID APPLICATIONS OTHER THAN WHATSAPP


WhatsApp patched a GIF processing vulnerability that allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition. The recently disclosed GIF processing vulnerability has been found to impact thousands of Android applications. The flaw was first discovered in WhatsApp and was eventually patched by its owner, Facebook.

OUTLINE

• CVE-2019-11932, a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019.
• The flaw affected a wide range of operating systems: Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100. Mostly, older versions are at risk.
• The flaw, which describes a stack-buffer overflow, could be exploited using MP4 video files, potentially allowing an attacker to remotely access messages and files stored in the app. Upon discovery, the flaw was patched by Facebook with the release of WhatsApp version 2.19.244.

IMPACT OF THE VULNERABILITY

Earlier it was mentioned that only WhatsApp was affected, but more than 23,000 Android applications that use android-gif-drawable are at risk. These apps are on Google Play and in other third-party stores. According to a Trend Micro report, “On Google Play alone, we found more than 3000 applications in this vulnerability”. In addition, the researcher added, “The exploit works well for Android 8.1 and 9.0 but does not work for Android below 8.0”.

WHY NOT WHATSAPP?

According to the researcher, who goes by the name Awakened, the vulnerability could have allowed hackers to compromise Android devices remotely and steal files and chat messages. CVE-2019-11932, a vulnerability in WhatsApp for Android, is a double-free memory corruption bug that exists in the open-source GIF image library that WhatsApp uses to generate previews for videos, images and GIFs. The researcher stated that the malware triggers when the user opens the image in WhatsApp.

HOW DOES THE FLAW AFFECT THE APPS?

The security flaw that previously affected WhatsApp exists in the open-source library named libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package and is used by numerous Android applications when processing GIF files.

UPDATE AND UPGRADE

The flaw can, however, be avoided with safety measures. Leaving the vulnerability in place puts Android users at risk, because attackers can abuse it to take control of users’ devices. Hence, developers are urged to upgrade the source library to reduce the risk.
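To decide which apps need that upgrade, a developer first has to know which builds bundle the library. The following is an added example, not code from the original article or from the android-gif-drawable project: it inventories an APK for copies of libpl_droidsonroids_gif.so, assuming the standard `lib/<abi>/` layout for native libraries; the function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Library name taken from the article; APKs store native code as lib/<abi>/<name>.
LIB_NAME = "libpl_droidsonroids_gif.so"
LIB_ENTRY = re.compile(r"^lib/([^/]+)/" + re.escape(LIB_NAME) + r"$")


def find_gif_library(apk):
    """Return {abi: sha256} for each bundled copy of the library.

    `apk` is a path or a binary file object. An empty dict means the APK
    does not ship the library; ValueError means it is not a readable APK.
    """
    try:
        with zipfile.ZipFile(apk) as zf:
            found = {}
            for info in zf.infolist():
                match = LIB_ENTRY.match(info.filename)
                if match:
                    found[match.group(1)] = hashlib.sha256(zf.read(info)).hexdigest()
            return found
    except zipfile.BadZipFile as exc:
        raise ValueError("not a valid APK (zip) archive") from exc


def build_sample_apk(entries):
    """Build a constructed, in-memory stand-in for an APK (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed samples: one app bundling the library for two ABIs, one without it.
    bundled = build_sample_apk({
        "classes.dex": b"dex",
        "lib/arm64-v8a/" + LIB_NAME: b"placeholder-a",
        "lib/armeabi-v7a/" + LIB_NAME: b"placeholder-b",
    })
    clean = build_sample_apk({"classes.dex": b"dex", "lib/arm64-v8a/libother.so": b"x"})
    for label, apk in (("bundled.apk", bundled), ("clean.apk", clean)):
        hits = find_gif_library(apk)
        print(label, "->", hits or "library not present")
```

A hit only shows that the library is bundled, not which release it is; comparing the reported hash with the same file from a build made against the upgraded library confirms whether the fix shipped.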

Tags:
aiden
Author: 
