New vulnerabilities discovered in WhatsApp allow remote code execution

GIFs, animated images that have no sound and repeat automatically, are now common in social networks and messengers. WhatsApp has recently released a patch for major security vulnerabilities on Android devices. The vulnerability, discovered about three months ago, allows attackers to access the files and messages on victims' devices.

WhatsApp Remote Code Execution Vulnerability

The vulnerability, tracked as CVE-2019-11932, is a double-free memory defect in one of the GIF libraries WhatsApp uses. Pham Hong Nhat, a Vietnamese security researcher, found that it enables attackers to execute arbitrary code on the victim's device with the app's permissions.

How the WhatsApp RCE vulnerability works

WhatsApp uses a library that parses GIF files to display suggested GIFs to the user when sending files to their contacts. The vulnerability is therefore not triggered merely by sending a GIF; it is triggered when the WhatsApp Gallery Picker is opened to send files to others.

This vulnerability can only be exploited by sending a malicious GIF file to the victim and waiting for the victim to open the image gallery.

It should be noted, however, that the malicious GIF must be sent to the victim as a file, since a GIF sent as an image is recompressed, which destroys the malicious content. This vulnerability can also be used to obtain a reverse shell.

Vulnerable devices and versions and patches released

This vulnerability affects WhatsApp versions 2.19.230 and older installed on Android 8.1 and 9.0. Android 8.0 and older are safe.
The vulnerability, which was reported to WhatsApp in late July, was patched in version 2.19.244, released in September.
Users are advised to upgrade to the latest version of WhatsApp as soon as possible. Other Android apps that use this library may also be vulnerable to similar attacks. The library, called Android GIF Drawable, has released a new version, 2.3.1, that fixes the double-free vulnerability. It should be noted that WhatsApp users are safe from this vulnerability.
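
The version ranges above can be turned into a fleet triage check. The following Python is an added example, not code from WhatsApp or from this article's author; the function names, status labels and inventory records are constructed for illustration. Builds between 2.19.230 and 2.19.244 and Android releases newer than 9.0 are reported as unknown because the article does not cover them.

```python
# Added example: triage devices for CVE-2019-11932 using only the ranges stated in the article.
LAST_AFFECTED = (2, 19, 230)        # "2.19.230 and older" are affected
FIRST_PATCHED = (2, 19, 244)        # the fix shipped in 2.19.244
AFFECTED_ANDROID = {(8, 1), (9, 0)}
SAFE_ANDROID_MAX = (8, 0)           # "Android 8.0 and older are safe"


def parse_version(text, width):
    """Parse a dotted version into a fixed-width tuple of ints, padded with zeros.

    Comparing tuples of ints avoids the string-comparison trap where
    "2.19.98" sorts after "2.19.230".
    """
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0] * width)[:width])


def triage(whatsapp_version, android_version):
    """Return 'patched', 'affected', 'not_affected' or 'unknown' for one device."""
    try:
        app = parse_version(whatsapp_version, 3)
        os_ver = parse_version(android_version, 2)
    except (ValueError, AttributeError):
        return "unknown"            # unparseable inventory data needs a manual look
    if app >= FIRST_PATCHED:
        return "patched"
    if os_ver <= SAFE_ANDROID_MAX:
        return "not_affected"
    if app > LAST_AFFECTED or os_ver not in AFFECTED_ANDROID:
        return "unknown"            # build or Android release the article does not cover
    return "affected"


INVENTORY = [                       # constructed sample records
    ("phone-01", "2.19.98", "9"),
    ("phone-02", "2.19.230", "8.1.0"),
    ("phone-03", "2.19.244", "9"),
    ("phone-04", "2.19.200", "7.1.2"),
    ("phone-05", "2.19.238", "9"),
    ("phone-06", "2.19.150", "10"),
    ("phone-07", "", "9"),
]


def triage_fleet(inventory):
    """Map each device name to its triage status."""
    return {device: triage(app, os_ver) for device, app, os_ver in inventory}


if __name__ == "__main__":
    for device, status in triage_fleet(INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as unknown should be treated as unpatched until they are upgraded to 2.19.244 or later.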
