A now-patched high-severity security vulnerability in WhatsApp’s image filter feature could have been abused to send a malicious image over the messaging app and read sensitive information from the app’s memory.
Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to an unwitting recipient, thereby enabling an attacker to access valuable data stored in the app’s memory.
“A missing bounds check in WhatsApp for Android prior to v184.108.40.206 and WhatsApp Business for Android prior to v220.127.116.11 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially-crafted image and sent the resulting image,” WhatsApp noted in its advisory published in February 2021.
Cybersecurity firm Check Point Research, which disclosed the issue to the Facebook-owned platform on November 10, 2020, said it was able to crash WhatsApp by switching between various filters on the malicious GIF files.
Specifically, the issue was rooted in an “applyFilterIntoBuffer()” function that handles image filters, which takes the source image, applies the filter chosen by the user, and copies the result into the destination buffer. By reverse-engineering the “libwhatsapp.so” library, the researchers found that the vulnerable function relied on the assumption that both the source and filtered images have the same dimensions and also the same RGBA color format.
Given that each RGBA pixel is stored as 4 bytes, a malicious image having only one byte per pixel can be exploited to achieve an out-of-bounds memory access because the “function tries to read and copy 4 times the amount of the allocated source image buffer.”
WhatsApp said it has “no reason to believe users would have been impacted by this bug.” Since WhatsApp version 18.104.22.168, the company has added two new checks on the source image and filter image that ensure both source and filter images are in RGBA format and that the image has 4 bytes per pixel to prevent unauthorized reads.
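The following is an added example, not code from WhatsApp, libwhatsapp.so or Check Point Research. It models the root cause described above in a small C program: a filter that assumes every pixel is 4-byte RGBA will try to read width*height*4 bytes, so a 1-byte-per-pixel image of the same dimensions is over-read by a factor of four. The example shows the two kinds of check the fix is described as adding (both images RGBA, 4 bytes per pixel) together with explicit buffer-length checks, run before any filter touches memory. The `image_t` type, field names, error codes, the inverting toy filter and the sample images are all constructed assumptions for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RGBA_BPP 4u

/* Minimal image descriptor, constructed for this example (not WhatsApp's types). */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;  /* 4 for RGBA; 1 for a greyscale or palette image */
    size_t   buf_len;          /* bytes actually allocated behind `pixels` */
    uint8_t *pixels;
} image_t;

enum { FILTER_OK = 0, FILTER_ERR_FORMAT = -1, FILTER_ERR_SIZE = -2 };

/* Bytes an RGBA image of width*height needs; 0 on arithmetic overflow. */
size_t rgba_byte_count(uint32_t w, uint32_t h) {
    uint64_t px = (uint64_t)w * (uint64_t)h;
    if (px > SIZE_MAX / RGBA_BPP) return 0;
    return (size_t)px * RGBA_BPP;
}

/* How many bytes a copy that simply assumes RGBA would read from `img`,
   regardless of how large img->pixels really is. */
size_t assumed_rgba_read_bytes(const image_t *img) {
    return rgba_byte_count(img->width, img->height);
}

/* Gate run before any filter touches memory: both images must be RGBA with
   4 bytes per pixel, share dimensions, and each buffer must really hold
   width*height*4 bytes. Returns FILTER_OK or an error code. */
int validate_filter_inputs(const image_t *src, const image_t *dst, size_t *need) {
    if (src->bytes_per_pixel != RGBA_BPP || dst->bytes_per_pixel != RGBA_BPP)
        return FILTER_ERR_FORMAT;
    if (src->width != dst->width || src->height != dst->height)
        return FILTER_ERR_SIZE;
    *need = rgba_byte_count(src->width, src->height);
    if (*need == 0 || src->buf_len < *need || dst->buf_len < *need)
        return FILTER_ERR_SIZE;
    return FILTER_OK;
}

/* Toy filter standing in for a real one: invert RGB, keep alpha.
   It only loops over bytes the validation has proven to exist. */
int apply_filter_checked(const image_t *src, image_t *dst) {
    size_t need;
    int rc = validate_filter_inputs(src, dst, &need);
    if (rc != FILTER_OK) return rc;
    for (size_t i = 0; i < need; i += RGBA_BPP) {
        dst->pixels[i]     = (uint8_t)(255 - src->pixels[i]);
        dst->pixels[i + 1] = (uint8_t)(255 - src->pixels[i + 1]);
        dst->pixels[i + 2] = (uint8_t)(255 - src->pixels[i + 2]);
        dst->pixels[i + 3] = src->pixels[i + 3];
    }
    return FILTER_OK;
}

/* Constructed sample: an 8x8 image carrying 1 byte per pixel (64 bytes).
   The format check rejects it before any byte is read. */
int demo_one_bpp_rejected(void) {
    static uint8_t gray[8 * 8];
    static uint8_t out[8 * 8 * RGBA_BPP];
    image_t src = { 8, 8, 1, sizeof gray, gray };
    image_t dst = { 8, 8, RGBA_BPP, sizeof out, out };
    return apply_filter_checked(&src, &dst);
}

/* Bytes a format-blind RGBA copy would read past the end of that same
   64-byte sample: 8*8*4 = 256 assumed, 64 allocated. */
size_t demo_one_bpp_overread(void) {
    static uint8_t gray[8 * 8];
    image_t src = { 8, 8, 1, sizeof gray, gray };
    return assumed_rgba_read_bytes(&src) - src.buf_len;
}

/* Constructed sample: a well-formed 2x2 RGBA image; returns the first
   filtered byte so the happy path can be checked as well. */
int demo_rgba_first_byte(void) {
    static uint8_t in[2 * 2 * RGBA_BPP] = { 0x10, 0x20, 0x30, 0x80 };
    static uint8_t out[2 * 2 * RGBA_BPP];
    image_t src = { 2, 2, RGBA_BPP, sizeof in, in };
    image_t dst = { 2, 2, RGBA_BPP, sizeof out, out };
    if (apply_filter_checked(&src, &dst) != FILTER_OK) return -1;
    return dst.pixels[0];
}

int main(void) {
    printf("1 byte/pixel image: rc=%d, format-blind copy would over-read %zu bytes\n",
           demo_one_bpp_rejected(), demo_one_bpp_overread());
    printf("RGBA image: first filtered byte=%d\n", demo_rgba_first_byte());
    return 0;
}
```

The point of the design is that the pixel format and the allocated length are carried alongside the dimensions and verified against each other; a filter that derives its read length from width and height alone has no way to notice that the buffer behind a 1-byte-per-pixel image is a quarter of the size it expects.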