A now-patched significant-severity protection vulnerability in WhatApp’s image filter function could have been abused to deliver a malicious image more than the messaging application to study delicate facts from the app’s memory.
Tracked as CVE-2020-1910 (CVSS rating: 7.8), the flaw issues an out-of-bounds browse/create and stems from applying distinct impression filters to a rogue graphic and sending the altered image to an unwitting receiver, thereby enabling an attacker to entry useful details stored the app’s memory.
“A lacking bounds verify in WhatsApp for Android prior to v188.8.131.52 and WhatsApp Business for Android prior to v184.108.40.206 could have authorized out-of-bounds browse and publish if a person applied unique image filters to a specially-crafted image and sent the ensuing graphic,” WhatsApp pointed out in its advisory printed in February 2021.
Cybersecurity firm Look at Position Research, which disclosed the situation to the Facebook-owned platform on November 10, 2020, claimed it was equipped to crash WhatsApp by switching in between different filters on the malicious GIF files.
Exclusively, the issue was rooted in an “applyFilterIntoBuffer()” perform that handles impression filters, which usually takes the source image, applies the filter picked by the consumer, and copies the final result into the destination buffer. By reverse-engineering the “libwhatsapp.so” library, the scientists found that the vulnerable operate relied on the assumption that both equally the source and filtered visuals have the exact dimensions and also the identical RGBA coloration structure.
Provided that each RGBA pixel is stored as 4 bytes, a malicious picture acquiring only 1 byte for every pixel can be exploited to accomplish an out-of-bounds memory accessibility due to the fact the “functionality attempts to examine and copy 4 situations the volume of the allotted resource impression buffer.”
WhatsApp mentioned it has “no rationale to consider buyers would have been impacted by this bug.” Due to the fact WhatsApp edition 220.127.116.11, the corporation has extra two new checks on the supply image and filter impression that ensure that equally supply and filter photos are in RGBA format and that the graphic has 4 bytes per pixel to protect against unauthorized reads.