Facebook has fixed a serious vulnerability affecting the image filter functionality in WhatsApp messenger. Exploiting the bug wasn’t easy, though triggering it could allow an attacker to send maliciously crafted messages.
WhatsApp Image Filter Function Vulnerability
Researchers from Check Point Research have shared insights about a serious vulnerability in Facebook’s WhatsApp messenger.
According to the details shared in their report, the vulnerability affected the image filter functionality of WhatsApp. If exploited, the bug could allow an attacker access target users’ data from WhatsApp memory.
Specifically, they observed an Out-Of-Bounds read-write vulnerability in the app. the attack would begin if an adversary sends a maliciously crafted image to the target recipient. Yet, the actual bug would only trigger if the recipient sends the same image file back to the sender after applying filters.
In brief, the researchers found the vulnerability when fuzzing WhatsApp. They noticed that applying filters to GIF files would crash the app. Analyzing it further revealed the “root cause” of the crash – a native function applyFilterIntoBuffer() in libwhatsapp.so library.
Explaining the issue, the researchers stated,
The problem is that both destination and source images are assumed to have the same dimensions and also the same format RGBA (meaning each pixel is stored as 4 bytes, hence the multiplication by 4).
However, there are no checks performed on the format of the source and destination images.
Therefore, when a maliciously crafted source image has only 1 byte per pixel, the function tries to read and copy 4 times the amount of the allocated source image buffer, which leads to an out-of-bounds memory access.
This is the crash we got in IDA, caused by the program trying to read from an unmapped memory region.
Bug Fixed Already
Thankfully, Check Point Research confirmed that the exploit “remains theoretical” since it required an especial scenario to trigger the bug.
However, still, it was a serious vulnerability that could lead to unnecessary exposure to sensitive data.
Hence, following their report, WhatsApp patched the vulnerability with version 126.96.36.199 released in February 2021. WhatsApp has listed it as CVE-2020-1910 on its advisory page.
Since then, WhatsApp has fixed numerous other bugs and released updates, the latest being v188.8.131.52. Users should ensure keeping their devices up-to-date with the latest versions to remain safe.