WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers


4th September 2021, Kathmandu

A now-patched high-severity security vulnerability in WhatsApp’s image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app’s memory.

Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to an unwitting recipient, thereby enabling an attacker to access valuable data stored in the app’s memory.

“A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially-crafted image and sent the resulting image,” WhatsApp noted in its advisory published in February 2021.

Cybersecurity firm Check Point Research, which disclosed the issue to the Facebook-owned platform on November 10, 2020, said it was able to crash WhatsApp by switching between various filters on the malicious GIF files.

Specifically, the issue was rooted in an “applyFilterIntoBuffer()” function that handles image filters, which takes the source image, applies the filter selected by the user, and copies the result into the destination buffer. By reverse-engineering the “libwhatsapp.so” library, the researchers found that the vulnerable function relied on the assumption that both the source and filtered images have the same dimensions and also the same RGBA color format.

Given that each RGBA pixel is stored as 4 bytes, a malicious image having only 1 byte per pixel can be exploited to achieve an out-of-bounds memory access since the “function tries to read and copy 4 times the amount of the allocated source image buffer.”

WhatsApp said it has “no reason to believe users would have been impacted by this bug.” Since WhatsApp version 2.21.1.13, the company has added two new checks on the source image and filter image that ensure that both source and filter images are in RGBA format and that the image has 4 bytes per pixel to prevent unauthorized reads.
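
The kind of validation described above, sketched in C as an added example; this is not WhatsApp's code. The `image_t` structure, the `FMT_*` constants, the function names and the placeholder invert filter are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical image descriptor; all names here are assumptions for this example. */
enum pixel_format { FMT_GRAY8 = 1, FMT_RGBA8888 = 4 };
typedef struct {
    uint32_t width, height;
    uint32_t bytes_per_pixel;  /* as reported by the decoder */
    enum pixel_format format;
    uint8_t *data;
    size_t size;               /* bytes actually allocated for data */
} image_t;

/* 1 only if img is RGBA, 4 bytes per pixel, and data really holds w*h*4 bytes. */
static int is_valid_rgba(const image_t *img) {
    if (!img || !img->data) return 0;
    if (img->format != FMT_RGBA8888 || img->bytes_per_pixel != 4) return 0;
    if (img->width == 0 || img->height == 0) return 0;
    /* Overflow-safe: reject if w*h*4 would not fit in size_t. */
    if (img->width > SIZE_MAX / 4 / img->height) return 0;
    return img->size >= (size_t)img->width * img->height * 4;
}

/* Placeholder filter (invert RGB, keep alpha). 0 on success, -1 if input is rejected. */
int apply_filter_checked(const image_t *src, image_t *dst) {
    if (!is_valid_rgba(src) || !is_valid_rgba(dst)) return -1;
    if (src->width != dst->width || src->height != dst->height) return -1;
    size_t pixels = (size_t)src->width * src->height;
    for (size_t i = 0; i < pixels; i++) {
        const uint8_t *s = src->data + i * 4;
        uint8_t *d = dst->data + i * 4;
        d[0] = (uint8_t)(255 - s[0]);
        d[1] = (uint8_t)(255 - s[1]);
        d[2] = (uint8_t)(255 - s[2]);
        d[3] = s[3];
    }
    return 0;
}

int main(void) {
    /* Constructed input: 2x2 source with 1 byte per pixel, RGBA destination. */
    uint8_t gray[4] = {10, 20, 30, 40}, out[16] = {0};
    image_t src = {2, 2, 1, FMT_GRAY8, gray, sizeof gray};
    image_t dst = {2, 2, 4, FMT_RGBA8888, out, sizeof out};
    printf("1-byte-per-pixel source: %s\n",
           apply_filter_checked(&src, &dst) == -1 ? "rejected" : "accepted");
    return 0;
}
```

The size comparison in `is_valid_rgba` also rejects an image whose header claims RGBA while its buffer is smaller than width × height × 4 bytes.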
