Android hack by just GIF
Just a GIF can hack your android phone using WhatsApp!!!
Nowadays we often see GIF in our day-to-day life while chatting on WhatsApp.
Sharing a GIF is more interesting and funny as compared to sharing a picture of a joke or any other funny picture GIF makes as feel quit more interesting.
Now, here the hackers enter. The hacker can hack your phone by sending you a GIF on your WhatsApp. It's not a theoretical idea anymore.
WHATSAPP REMOTE CODE EXECUTION VULNERABILITY
This vulnerability tracked as CVE-2019-11932 is a double-free memory corruption bug that doesn't actually reside in the WhatsApp code itself, but in an open-source GIF image parsing library that WhatsApp uses. Discovered by Vietnamese security researcher Pham Hong Nhat in May this year.
The researcher said to the news that "The payload is executed under the WhatsApp context, so it has all the permission to the memory"
"Malicious code will have all the permissions that WhatsApp has, including recording audio, accessing the camera, accessing the file system, as well as WhatsApp's sandbox storage that includes protected chat database and so on…"
HOW DOES WHATSAPP RCE VULNERABILITY WORK?
Here is the demonstrated video of the working of this vulnerability.
click the below link to watch:
https://youtu.be/loCq8OTZEGI
The issue affects WhatsApp versions 2.19.230 and older versions running on Android 8.1 and 9.0, but does not work for Android 8.0 and below.\
Therefore, to protect yourself against any exploit surrounding this vulnerability, you are recommended to update your WhatsApp to the latest version from the Google Play Store as soon as possible, however,
the WhatsApp of IOS is not affected by this vulnerability.
Nowadays we often see GIF in our day-to-day life while chatting on WhatsApp.
Sharing a GIF is more interesting and funny as compared to sharing a picture of a joke or any other funny picture GIF makes as feel quit more interesting.
Now, here the hackers enter. The hacker can hack your phone by sending you a GIF on your WhatsApp. It's not a theoretical idea anymore.
WHATSAPP REMOTE CODE EXECUTION VULNERABILITY
This vulnerability tracked as CVE-2019-11932 is a double-free memory corruption bug that doesn't actually reside in the WhatsApp code itself, but in an open-source GIF image parsing library that WhatsApp uses. Discovered by Vietnamese security researcher Pham Hong Nhat in May this year.
The researcher said to the news that "The payload is executed under the WhatsApp context, so it has all the permission to the memory"
"Malicious code will have all the permissions that WhatsApp has, including recording audio, accessing the camera, accessing the file system, as well as WhatsApp's sandbox storage that includes protected chat database and so on…"
HOW DOES WHATSAPP RCE VULNERABILITY WORK?
Here is the demonstrated video of the working of this vulnerability.
click the below link to watch:
https://youtu.be/loCq8OTZEGI
The issue affects WhatsApp versions 2.19.230 and older versions running on Android 8.1 and 9.0, but does not work for Android 8.0 and below.\
Therefore, to protect yourself against any exploit surrounding this vulnerability, you are recommended to update your WhatsApp to the latest version from the Google Play Store as soon as possible, however,
the WhatsApp of IOS is not affected by this vulnerability.
Comments
Post a Comment