
WhatsApp Photo Filter Bug Could Have Exposed Your Data to Remote Attackers
2021-09-02 03:07

A now-patched high-severity security vulnerability in WhatsApp's image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app's memory.

Tracked as CVE-2020-1910, the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and sending the altered image to an unwitting recipient, thereby enabling an attacker to access valuable data stored in the app's memory.

Specifically, the issue was rooted in an "ApplyFilterIntoBuffer()" function that handles image filters, which takes the source image, applies the filter selected by the user, and copies the result into the destination buffer.

By reverse-engineering the "libwhatsapp.so" library, the researchers found that the vulnerable function relied on the assumption that both the source and filtered images have the same dimensions and also the same RGBA color format.

Given that each RGBA pixel is stored as 4 bytes, a malicious image having only 1 byte per pixel can be exploited to achieve an out-of-bounds memory access since the "function tries to read and copy 4 times the amount of the allocated source image buffer."

WhatsApp said it has "no reason to believe users would have been impacted by this bug." Since WhatsApp version 2.21.1.13, the company has added two new checks on the source image and filter image that ensure that both source and filter images are in RGBA format and that the image has 4 bytes per pixel to prevent unauthorized reads.
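The two checks described above can be sketched in C as follows. This is an added example, not WhatsApp's code: the struct layout, the names (image, rgba_bytes, apply_filter_checked, demo), the MAX_DIM limit and the averaging "filter" are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_DIM 16384u  /* assumed limit; keeps the size arithmetic from overflowing */
enum pixel_format { FMT_GRAY8, FMT_RGBA8888 };   /* hypothetical names */

struct image {
    uint32_t width, height;
    uint32_t stride;           /* bytes per row as decoded */
    enum pixel_format format;
    uint8_t *pixels;
    size_t size;               /* bytes actually allocated for pixels */
};

/* Returns the RGBA byte count of img, or 0 if it is not a well-formed RGBA image. */
static size_t rgba_bytes(const struct image *img) {
    if (!img || !img->pixels || !img->width || !img->height) return 0;
    if (img->width > MAX_DIM || img->height > MAX_DIM) return 0;
    if (img->format != FMT_RGBA8888) return 0;      /* check 1: RGBA format */
    if (img->stride != img->width * 4u) return 0;   /* check 2: 4 bytes per pixel */
    size_t need = (size_t)img->stride * img->height;
    return img->size >= need ? need : 0;            /* buffer must really hold it */
}

/* Returns 0 on success, -1 if any image is rejected; dst is untouched on rejection. */
int apply_filter_checked(const struct image *src, const struct image *filter,
                         struct image *dst) {
    size_t n = rgba_bytes(src);
    if (n == 0 || rgba_bytes(filter) != n || rgba_bytes(dst) != n) return -1;
    if (src->width != filter->width || src->width != dst->width) return -1;
    for (size_t i = 0; i < n; i++)   /* toy filter: average source and filter bytes */
        dst->pixels[i] = (uint8_t)((src->pixels[i] + filter->pixels[i]) / 2);
    return 0;
}

/* Constructed 2x2 sample images; with gray_source set, the source has 1 byte per pixel. */
int demo(int gray_source) {
    uint8_t s[16] = {200, 100, 0, 255}, f[16] = {100, 100, 100, 255}, d[16] = {0};
    struct image src = {2, 2, 8, FMT_RGBA8888, s, sizeof s};
    struct image flt = {2, 2, 8, FMT_RGBA8888, f, sizeof f};
    struct image dst = {2, 2, 8, FMT_RGBA8888, d, sizeof d};
    if (gray_source) { src.format = FMT_GRAY8; src.stride = 2; src.size = 4; }
    int rc = apply_filter_checked(&src, &flt, &dst);
    return rc == 0 ? d[0] : rc;   /* first output byte on success, -1 on rejection */
}

int main(void) { return demo(0) == 150 && demo(1) == -1 ? 0 : 1; }
```

Without the format and stride checks, the loop would run over 16 bytes of a source buffer that holds only 4, which is the 4x over-read the researchers describe.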


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/rRknLTaJs5E/whatsapp-photo-filter-bug-could-have.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-02-02 | CVE-2020-1910 | Out-of-bounds Write vulnerability in Whatsapp and Whatsapp Business. A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image. | 7.8 (local, low complexity; whatsapp; CWE-787)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Whatsapp 5 1 11 13 16 41