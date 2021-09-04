



A vulnerability in WhatsApp's image filters allowed data to be read from the application's memory. Exploiting it, however, looked thoroughly impractical. The problem was fixed back in early 2021.

Cooperation with the victim

Check Point Research has disclosed details of a bug in the WhatsApp messenger that would have allowed an attacker to read sensitive data from the memory of the targeted user's application.

According to the advisory, the error lies in incorrect handling of images in the device's memory: the bug allows reading and writing data outside the allocated buffer (an out-of-bounds read/write vulnerability).

Successful exploitation, however, requires a significant number of steps to come together at once and, most importantly, the potential victim must be persuaded to cooperate actively.

Specifically, the attacker must craft a special image in GIF format in which each pixel is encoded in a single byte (a palette-indexed image, whereas the filter code expected four bytes per pixel, RGBA), send it to the potential victim, get them to apply one of the app's image filters to it, and have them send the processed file back. The filtered image then carries bytes that were read from beyond the original image data.

WhatsApp fixed a dangerous, interesting, but very impractical “hole”

The vulnerability, tracked as CVE-2020-1910, was located in the applyFilterIntoBuffer() function of the libwhatsapp.so library. The root cause was insufficient validation of the images' format and dimensions. This has now been fixed.
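To make the mechanism concrete, here is an added example in C that models the class of bug described above: a filter loop that assumes every source image is RGBA (four bytes per pixel) beside a version that validates format and sizes before reading a single pixel. It is not Check Point's code and not WhatsApp's real applyFilterIntoBuffer(), whose internals are not on this page; the image_t structure, the invert() stand-in filter and the sample buffers are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified model of an image buffer for this example;
   not WhatsApp's own types or the real applyFilterIntoBuffer(). */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel; /* 4 = RGBA, 1 = palette-indexed (8-bit GIF) */
    const uint8_t *pixels;
    size_t len;               /* true size of the pixel buffer in bytes */
} image_t;

#define RGBA_BPP 4u

/* Toy filter standing in for a real one: invert every byte. */
static void invert(uint8_t *dst, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) {
        dst[i] = (uint8_t)~src[i];
    }
}

/* Vulnerable pattern: assumes src is RGBA and reads width*height*4 bytes
   from it. A 1-byte-per-pixel source of the same dimensions holds only a
   quarter of that, so the remaining bytes are read from whatever follows
   the image in memory and end up in the filtered output. Returns the
   number of bytes it read. */
size_t apply_filter_vulnerable(uint8_t *dst, const image_t *src) {
    size_t n = (size_t)src->width * src->height * RGBA_BPP;
    invert(dst, src->pixels, n); /* overreads whenever src->len < n */
    return n;
}

/* Hardened pattern: check the pixel format, reject degenerate or
   overflowing dimensions, and verify both buffers really hold
   width*height*4 bytes before touching any pixel. Returns 0 on success,
   -1 if the image is rejected. */
int apply_filter_fixed(uint8_t *dst, size_t dst_len, const image_t *src) {
    if (src->bytes_per_pixel != RGBA_BPP) return -1;
    if (src->width == 0 || src->height == 0) return -1;
    if (src->width > SIZE_MAX / RGBA_BPP / src->height) return -1;
    size_t n = (size_t)src->width * src->height * RGBA_BPP;
    if (src->len < n || dst_len < n) return -1;
    invert(dst, src->pixels, n);
    return 0;
}

/* Constructed demo: a 4x4 one-byte-per-pixel "GIF" (16 bytes) placed in
   front of 48 bytes of unrelated data inside one arena, so the overread
   stays within a single allocation and can be observed safely. Returns 1
   if the filtered output contains the (inverted) neighbouring data, i.e.
   the filter disclosed memory that was never part of the image. */
int demo_vulnerable_leaks(void) {
    uint8_t arena[64];
    memset(arena, 0x11, 16);      /* attacker's palette-indexed pixels */
    memset(arena + 16, 'A', 48);  /* stand-in for sensitive application data */
    image_t gif = { 4, 4, 1, arena, 16 };
    uint8_t out[64];
    size_t n = apply_filter_vulnerable(out, &gif);
    return n == 64 && out[16] == (uint8_t)~'A' && out[63] == (uint8_t)~'A';
}

/* Returns 1 if the hardened filter rejects the same 1-bpp image. */
int demo_fixed_rejects_gif(void) {
    uint8_t arena[16];
    memset(arena, 0x11, sizeof arena);
    image_t gif = { 4, 4, 1, arena, sizeof arena };
    uint8_t out[64];
    return apply_filter_fixed(out, sizeof out, &gif) == -1;
}

/* Returns 1 if the hardened filter still processes a well-formed RGBA image. */
int demo_fixed_accepts_rgba(void) {
    uint8_t rgba[64];
    memset(rgba, 0x11, sizeof rgba);
    image_t img = { 4, 4, RGBA_BPP, rgba, sizeof rgba };
    uint8_t out[64];
    if (apply_filter_fixed(out, sizeof out, &img) != 0) return 0;
    return out[0] == (uint8_t)~0x11 && out[63] == (uint8_t)~0x11;
}

int main(void) {
    printf("vulnerable filter leaks neighbouring bytes: %d\n", demo_vulnerable_leaks());
    printf("fixed filter rejects 1-bpp GIF:             %d\n", demo_fixed_rejects_gif());
    printf("fixed filter accepts RGBA:                  %d\n", demo_fixed_accepts_rgba());
    return 0;
}
```

The vulnerable version produces 64 bytes of output from a 16-byte source; the extra 48 bytes are inverted copies of whatever sat after the image, which is exactly the kind of data a victim would unknowingly send back as a "filtered picture". The hardened version refuses the image before any pixel is read. The overflow check on width*height*4 matters because, without it, a large declared dimension could wrap the computed size to a small value and slip past the length comparison.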

Impractical exploitation

The only realistic scenario in which the vulnerability can be exploited is one in which the attacker already controls the account of someone close to the potential victim and communicates with the victim through it.

“The attack scenario does not look unrealizable, but the attacker will need to perform several actions, as well as resort to user interaction in order to put it into practice,” said Dmitry Kiryukhin, an information security expert at SEC Consult Services. “In other words, the attack is too impractical to be of any massive nature. The ‘bug’ can be exploited in highly targeted attacks, although the likelihood of such a development should not be overestimated.”

The vulnerability was identified back in November 2020. A fix in the messenger followed in January 2021, but the researchers chose to publish the details only now.