Is this Exploit still exist ? What is the cve ?

@TDS2023 Thank you! I appreciate the words! Glad you liked it 😊

@ytg6663 It is no longer exploitable, as it was fixed both within a WhatsApp patch (2.19.244), and within the android-gif-drawable library. Facebook reserved CVE-2019-11932 for this issue.

@@DanielBoctor Why do you speak with upspeak? its fvcking annoying

​​@@DanielBoctorcan this exploit happen anywhere other That's WhatsApp? I don't use WhatsApp?

How to obtain bedrock in minecraft:

very cool, never thought about it like that

They're both the same thing. Both involve injecting code into memory by exploiting a vulnerability.

true

This was exactly my thought

LOOOOOOOOL that will do it

Thanks for the wholesome comment, it means a lot

​@@DanielBoctor- Complicated exploit but well dissected. BTW you sound a bit like the male version of Christina Hall. hehe

do I really? I can't say I notice the resemblance myself lol. I'm glad your liking my videos, thanks for the support

​@@DanielBoctor- Check out the way Christina Hall talks in her "Jacuzzi" commercial,. enunciating the end of words. lol

You are one awesome fella thanks for the support

I agree but it’s for the views and he deserves the views. Very well put video. Very informative.

@@AlienzOnlyBruhindeed

also i would argue that this is really just a whatsapp exploit because the reverse shell gained is just the same privileges as whatsapp is currently allowed by android, so access to all user files if the user ever had previously attached something in whatsapp and allowed the permission, also the "android gif library" isn't used by all android apps not by a long shot, it just happened to be imported into whatsapp's source code and be what whatsapp used to render gifs, there isn't any real priviliege escalation exploit here

​@@AlienzOnlyBruhme when the judge asks why i robbed the bank

​@@AlienzOnlyBruhI mean I'm disliking and leaving 34 seconds in lol

Thank you

I'm glad you liked it! Means a lot

I really is lol. Glad you have you here! Thanks for the kind words, keep on doing what you're doing 😊

Thank you! Glad you have you apart of the community

THANK YOU INIVEK ❤️❤️❤️❤️❤️❤️

More like a 'performance bug' or some thumbnail generation, etc... Let's say you wanna show the first frame of the gif as a preview and the user should tap on the image to actually start playing the gif. You can do it different ways but it is easy to image they choose a method to reread the gif twice. First to acquire an initial frame and a second time when the user want to play the gif.

LOL, it do be like that sometimes

Glad to have you here!

Thanks! Glad you liked it 😊

It's actually a lot easier than that. I didn't mean to take away from the vulnerability too much. As mentioned in the video, the required memory addresses are constant values, and ONLY change during system reboots. Any application has access to these addresses. An app would not even need to harvest the targets phone number, NOR send the user a GIF in the first place. It could merely craft the GIF itself, and save it to the phones file system locally. That's it. The next time the victim opens their media gallery in WhatsApp, the GIF will be rendered directly, without the need to even receive a message. Thanks for watching, and I'm glad you enjoyed!

that's crazy bro lol sorry I misunderstood@@DanielBoctor

@@DanielBoctor But should the person run an old version of whatsapp or not to do this?

The vulnerability is actually 3-fold: 1. Android OS returning the same memory address twice after a double free 2. The android-gif-drawable library causing a double free in the first place 3. WhatsApp double parsing GIFs, enabling any real harm to be caused from the double free You would need all three of these conditions to be present for this to be exploitable. Just using an old version of WhatsApp would not be enough, as both WhatsApp and the GIF library were both patched.

This wasn’t mentioned in the video, but the presented vulnerability is merely an example of what can be done. OP mentions that there are potentially more complicated methods to leak relative addresses allowing us to do ROP to mitigate read-only pages. Without getting too far into it, the deterministic way android handles double frees enables us to, within the same gif, leak a valid instruction pointer and then use different techniques with that executable memory location to execute our shellcode

Glad you liked it! More is on the way 🚀🚀🚀

Underrated comment 😂

Thank you for being apart of it! Glad to have you here 😊

Heck yeah~ this made me curious what other kind of exploits there are, so I start to look at the standard linux kernel 6.6 and instantly I noped tf out of there Not because I wouldn't eventually be able to get a grasp on the madness that's called code (tho it is organized), but because I already have too many coding projects lol @@DanielBoctor

Glad you liked it!

THANK YOU ♥

THANK YOU!!! GLAD TO HAVE YOU HERE 😊

Thanks!!

It would. All commands would be executed within WhatsApp context, allowing one to steal files from the WhatsApp sandbox, including the message database, as Awakened mentioned in his original report. I should have explained this in more detail within the video.

LOL, didn't really think of the pronunciation while I was filming. Thanks for the feedback!

What if I want to use Obelix instead?

Thanks! Glad you liked it 😊. Keep on spreading that positivity

Thank you

More virtualization needs more memory

@@25_26 you'd think we have plenty... I wouldn't mind spending extra $50 knowing my phone is secure

Thanks! Means a lot

I've also thinking the same

IT security is probably going to focus more on firewalls, network monitoring, toolkits that you can deploy as an network admin, that kind of stuff. Writing code that uses malloc and free properly is going to be a software engineering issue, or maybe computer science. Every software developer needs to have a basic understanding of the most common security exploits and how to avoid them. It helps if you use a language that does not require you to manage malloc() and free() yourself. C is great for things like embedded systems, but you have to be very careful. C++ is better imho, because you can use paradigms like RAII, where you release resources and free memory in destructors, you have standard containers that allocate memory for you, so you really don't have to touch new/malloc and delete/free that often. Of course the evangelical memory safe language is Rust, and you will find no shortage of people to tell you why... there's also garbage collected languages like Java and C#, and that's great until an exploit like log4j comes out and affects everything running Java. But it also got patched pretty quickly. There's a term in software development called "not my problem" lol... just make sure the libraries you depend on are actively maintained. Good luck in your educational efforts. School won't teach you everything, but it's a good way to get started. Keep learning every day.

I know lol 🤯

yep, that will do it LOL

Thanks!! Glad you have you here!

or at least that's how I see most "brand new 0 day 0 click (some other fancy words) exploits that will kill your dog"

Sometimes, but first of all if you spread it to thousands of devices you're going to hit a lot, and second of all this one just needs your firmware + whatsapp version to be older than newest. But I have to admit this shell is pretty much useless without privilege escalation

yup, gotta love C

What a wholesome comment LOL. Means a lot

yeah ik but I think i finally fixed it in my most recent video

I see, sorry for the confusion! To clarify, under regular circumstances in a regular environment, this is absolutely correct, as mentioned @ 4:35. It is Android itself that caused the predetermined realloc behaviour, as mentioned @ 5:00 and 5:30. The vulnerability is actually 3-fold: 1. Android OS returning the same memory address twice after a double free 2. The android-gif-drawable library causing a double free in the first place 3. WhatsApp double parsing GIFs, enabling any real harm to be caused from the double free You would need all three of these conditions to be present for this to be exploitable. The Android behaviour you are pointing out is actually contributing to the exploit (which should NOT be happening).

@@DanielBoctor Sorry, it might be that my question was unclear. As per standard realloc should always return a pointer, that can be passed to free/realloced with size 0. That means that, as long as you use the pointer returned by realloc (and don't reuse the pointer you passed to realloc) you could call realloc infinitely often. Even with size 0.

@@DanielBoctor ooh, I looked at the commit that it was patched. The problem is, that realloc returning NULL is valid behaviour for size 0 realloc. This however gets interpreted as an error bc of low memory. In that case, the pointer doesn't get updated and will be passed again to realloc the next frame (but it was already freed).

Basically by guessing from experience what can happen and then trying everything. And of course you can also analyse the actual code.

My first 'commenting for the algorithm' comment LOOOOOOOL. Thank you for the support!! Means a lot 😊

I know, it really is incredible 🤯

I couldn't agree with you more. LEMMiNO is the GOAT.

not as cool as you

Yep, he posts all of his music publicly and lets other creators use them. Gotta love LEMMiNO. It's credited in my description too - I used 2 of his songs in this video.

Facebook reserved CVE-2019-11932 for this issue.