In October 2019, the developers of WhatsApp for Android fixed a dangerous bug in the application. It turned out that, with an ordinary GIF file, an attacker could remotely execute arbitrary code on a vulnerable device and gain access to confidential user data.
The bug belongs to the double-free class and received the identifier CVE-2019-11932. It allowed remote code execution on devices running Android 8.1 and 9.0; on earlier versions of the mobile OS, the bug could only be used to cause a denial of service (DoS).
Trend Micro specialists warn that the vulnerability recently fixed in the messenger also endangers many other applications.
Experts explain that the problem lies in the open-source library libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package and is used by many Android applications to process GIF files. While WhatsApp fixed the bug with the release of version 2.19.244, the vulnerability still exists in other applications.
According to the researchers, in the Google Play store alone more than 3,000 applications that use libpl_droidsonroids_gif.so are still vulnerable. Worse, the problem affects many applications from third-party app stores such as 1mobile, 9Apps, 91 market, APKPure, Aptoide, 360 Market, PP Assistant, QQ Market and Xiaomi Market.
Trend Micro experts urged developers to update the libpl_droidsonroids_gif.so library as soon as possible and stop putting users at risk.
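For a developer or app-security team that wants to know whether any of their own builds bundle the affected library, the first step is an inventory of native libraries inside the APK. The script below is an added example, not code from the article or from the android-gif-drawable project: it treats an APK as the zip archive it is, looks for libpl_droidsonroids_gif.so under lib/<abi>/, and reports which ABIs ship it. The sample "APK" it scans is constructed in memory so the script runs offline; the fixed android-gif-drawable version is not stated in the article, so the report only flags presence and leaves the version comparison to the project's changelog.

```python
import io
import zipfile
from typing import Dict, List

# Native library the article identifies as carrying CVE-2019-11932.
VULNERABLE_LIB = "libpl_droidsonroids_gif.so"


def find_gif_lib(apk_bytes: bytes) -> Dict[str, List[str]]:
    """Return {abi: [zip entry names]} for every copy of the library in the APK.

    An APK is a zip archive; native code lives under lib/<abi>/<name>.so.
    Only presence is reported here: whether the bundled copy is patched
    must be checked against the android-gif-drawable release notes.
    """
    found: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            parts = name.split("/")
            # Expect exactly lib/<abi>/<file>; other entries are not native libs.
            if len(parts) == 3 and parts[0] == "lib" and parts[2] == VULNERABLE_LIB:
                found.setdefault(parts[1], []).append(name)
    return found


def scan_apk_file(path: str) -> Dict[str, List[str]]:
    """Convenience wrapper for a real APK on disk (path is caller-supplied)."""
    with open(path, "rb") as fh:
        return find_gif_lib(fh.read())


def build_sample_apk(include_lib: bool) -> bytes:
    """Construct a minimal zip standing in for an APK (sample input, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<constructed manifest>")
        apk.writestr("classes.dex", b"\x00")
        apk.writestr("lib/arm64-v8a/libother.so", b"\x7fELF")  # unrelated library
        if include_lib:
            apk.writestr("lib/arm64-v8a/" + VULNERABLE_LIB, b"\x7fELF")
            apk.writestr("lib/armeabi-v7a/" + VULNERABLE_LIB, b"\x7fELF")
    return buf.getvalue()


def triage(apk_bytes: bytes) -> str:
    """One-line verdict suitable for a build-pipeline log."""
    hits = find_gif_lib(apk_bytes)
    if not hits:
        return "no libpl_droidsonroids_gif.so bundled"
    abis = ", ".join(sorted(hits))
    return (
        f"bundles libpl_droidsonroids_gif.so for {abis}: "
        "verify the android-gif-drawable version is a patched release"
    )


if __name__ == "__main__":
    for label, flag in (("with-lib", True), ("clean", False)):
        print(label, "->", triage(build_sample_apk(flag)))
```

Run it against a real build by calling scan_apk_file on the APK path; in a CI job the triage string is enough to fail the build until the dependency is bumped. Because the check keys on the file name only, a renamed or statically linked copy of the library would not be caught, which is why the dependency declaration in the build file should be checked as well.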