A now-patched high-severity security vulnerability in WhatsApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory.
Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to an unwitting recipient, thereby enabling an attacker to access valuable data stored in the app's memory.
"A missing bounds check in WhatsApp for Android prior to v220.127.116.11 and WhatsApp Business for Android prior to v18.104.22.168 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially-crafted image and sent the resulting image," WhatsApp noted in its advisory published in February 2021.
Cybersecurity firm Check Point Research, which disclosed the issue to the Facebook-owned platform on November 10, 2020, said it was able to crash WhatsApp by switching between various filters on the malicious GIF files.
Specifically, the issue was rooted in an "applyFilterIntoBuffer()" function that handles image filters, which takes the source image, applies the filter selected by the user, and copies the result into the destination buffer. By reverse-engineering the "libwhatsapp.so" library, the researchers found that the vulnerable function relied on the assumption that both the source and filtered images have the same dimensions and also the same RGBA color format.
Given that each RGBA pixel is stored as 4 bytes, a malicious image having only one byte per pixel could be exploited to achieve an out-of-bounds memory access, since the "function tries to read and copy 4 times the amount of the allocated source image buffer."
WhatsApp said it has "no reason to believe users would have been impacted by this bug." Since WhatsApp version 22.214.171.124, the company has added two new checks on the source image and filter image that ensure that both source and filter images are in RGBA format and that the image has 4 bytes per pixel to prevent unauthorized reads.
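To make the bug class concrete, here is an added C example (written for this article; it is not Check Point's proof of concept nor WhatsApp's code from libwhatsapp.so). It models the pattern described above: a filter routine that assumes its source is RGBA at 4 bytes per pixel, beside a hardened variant that performs the format and bytes-per-pixel checks the fix is said to add, plus dimension and allocation-size checks. The `image_t` struct, the `pixel_format` enum, the function names and the constructed 2x2 sample images are all hypothetical; the real library's types are not on the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical pixel formats for this example (not the library's own enum). */
enum pixel_format { FMT_GRAY8 = 1, FMT_RGBA8888 = 4 };

typedef struct {
    int width, height;
    enum pixel_format format;
    int bytes_per_pixel;
    uint8_t *data;
    size_t size;            /* bytes actually allocated for data */
} image_t;

image_t make_image(int w, int h, enum pixel_format fmt, int bpp,
                   uint8_t *buf, size_t size) {
    image_t img = { w, h, fmt, bpp, buf, size };
    return img;
}

/* Bytes a filter touches when it assumes RGBA (4 bytes per pixel). */
size_t rgba_bytes_assumed(const image_t *img) {
    return (size_t)img->width * (size_t)img->height * 4u;
}

/* Bytes read past the end of the source allocation if that assumption is wrong. */
size_t overread_bytes(const image_t *src) {
    size_t n = rgba_bytes_assumed(src);
    return n > src->size ? n - src->size : 0;
}

/* Toy "invert" filter over raw bytes; stands in for any per-byte filter. */
static void invert_bytes(const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++)
        out[i] = (uint8_t)(255u - in[i]);
}

/* VULNERABLE pattern: trusts that src is RGBA with dst's dimensions, so a
 * 1-byte-per-pixel source makes it read 4x the allocated source buffer. */
void apply_filter_into_buffer_unchecked(const image_t *src, image_t *dst) {
    invert_bytes(src->data, dst->data, rgba_bytes_assumed(src));
}

/* HARDENED pattern: the two checks described in the fix (RGBA format and
 * 4 bytes per pixel) plus dimension, overflow and allocation-size guards. */
int apply_filter_into_buffer_checked(const image_t *src, image_t *dst) {
    if (src->format != FMT_RGBA8888 || dst->format != FMT_RGBA8888) return -1;
    if (src->bytes_per_pixel != 4 || dst->bytes_per_pixel != 4)     return -2;
    if (src->width != dst->width || src->height != dst->height)     return -3;
    if (src->width <= 0 || src->height <= 0)                        return -4;
    if ((size_t)src->width > SIZE_MAX / 4u / (size_t)src->height)   return -5;
    size_t n = rgba_bytes_assumed(src);
    if (n > src->size || n > dst->size)                             return -6;
    invert_bytes(src->data, dst->data, n);
    return 0;
}

/* Constructed scenario A: 2x2 single-channel image, only 4 bytes allocated. */
size_t demo_gray_overread(void) {
    uint8_t gray[4] = { 10, 20, 30, 40 };
    image_t src = make_image(2, 2, FMT_GRAY8, 1, gray, sizeof gray);
    return overread_bytes(&src);      /* 16 assumed - 4 allocated = 12 */
}

/* Same image through the hardened path: rejected before any read happens. */
int demo_gray_rejected(void) {
    uint8_t gray[4] = { 10, 20, 30, 40 };
    uint8_t out[16] = { 0 };
    image_t src = make_image(2, 2, FMT_GRAY8, 1, gray, sizeof gray);
    image_t dst = make_image(2, 2, FMT_RGBA8888, 4, out, sizeof out);
    return apply_filter_into_buffer_checked(&src, &dst);   /* -1 */
}

/* Constructed scenario B: a genuine 2x2 RGBA image passes and is filtered. */
int demo_rgba_ok(void) {
    uint8_t px[16], out[16] = { 0 };
    for (size_t i = 0; i < sizeof px; i++) px[i] = (uint8_t)(i * 7);
    image_t src = make_image(2, 2, FMT_RGBA8888, 4, px, sizeof px);
    image_t dst = make_image(2, 2, FMT_RGBA8888, 4, out, sizeof out);
    int rc = apply_filter_into_buffer_checked(&src, &dst);
    if (rc != 0) return rc;
    for (size_t i = 0; i < sizeof px; i++)
        if (out[i] != (uint8_t)(255u - px[i])) return -100;
    return 0;
}

int main(void) {
    printf("gray 2x2: unchecked path would over-read %zu bytes\n", demo_gray_overread());
    printf("gray 2x2: checked path returns %d\n", demo_gray_rejected());
    printf("rgba 2x2: checked path returns %d\n", demo_rgba_ok());
    return 0;
}
```

The unchecked routine is never called on the single-channel image here; `overread_bytes()` computes how far past the allocation it would read instead of actually doing so. The point for reviewers is that the fix is not only "check RGBA": a bytes-per-pixel check alone still trusts the caller's dimensions, so the hardened version also compares dimensions and the computed byte count against what was actually allocated.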