Recently discovered GIF processing vulnerability impacts thousands of Android applications other than WhatsApp

• CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019.
• The flaw, termed as stack-buffer overflow, could be exploited using MP4 video files.

A recently disclosed GIF processing vulnerability has been found impacting thousands of Android applications. The flaw was first discovered in WhatsApp and was eventually patched by its owner Facebook.

Quick recap

CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019. According to the advisory, the flaw affected a wide range of operating systems. This included Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.

The flaw, described as a stack-buffer overflow, could be exploited using MP4 video files. It could potentially allow an attacker to remotely access messages and files stored in the app. Upon discovery, the flaw was patched by Facebook with the release of WhatsApp version 2.19. 244.

How does the flaw affect other apps?

The security flaw - previously affecting WhatsApp - exists in the open-source library named libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package and is used by numerous Android applications when processing GIF files.

According to Trend Micro, the flaw if exploited will cause the same damage as was observed in WhatsApp.

Developers caught napping

Although the security vulnerability has been fixed in libpl_droidsonroids_gif.so for about two months now, there are many developers who are still using the older version of the package.

Trend Micro has listed over 3,000 applications in the Google Play Store that are still vulnerable to GIF Processing vulnerability. The flaw also affects many apps hosted on third-party app stores such as 1mobile, 9Apps, 91 market, APKPure, Aptoide, 360 Market, PP Assistant, QQ Market, and Xiaomi Market.

Update to stay safe

Trend Micro has warned that there are still a large number of applications that contain the vulnerability and this exposes many Android users to risk. Attackers can abuse the above-mentioned flaw to take control of users’ devices. Hence, developers are urged to upgrade ‘libpl_droidsonroids_gif.so’ to reduce the risk of cyberattacks on end-users.