image credit: Pixabay

Expert disclosed details of remote code execution flaw in Whatsapp for Android

October 3, 2019

A security researcher that goes online with the moniker Awakened discovered a double-free vulnerability in WhatsApp for Android and demonstrated how to leverage it to remotely execute arbitrary code on the target device.

The expert reported the issue to Facebook that acknowledged and addressed the flaw with the release of WhatsApp version 2.19.244.

The expert discovered that the flaw resides in the DDGifSlurp in decoding.c in libpl_droidsonroids_gif .so library used to generate the preview of the GIF file when a user opens Gallery view in the popular messaging application to send a media file.

Read More on Security Affairs