A vulnerability in WhatsApp for Android that was found, disclosed and patched can still affect thousands of additional apps that have not been patched.
CVE-2019-11932, which allows attackers to use maliciously coded GIF files to remotely execute code, was made public on Oct. 2, 2019 and then patched in WhatsApp version 2.19.244. It takes advantage of a library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package that is used in many other applications, Trend Micro[1] reported.
The company found 3,433 apps in the Google Play store that remained unpatched and vulnerable along with several hundred others scattered among another nine third-party online marketplaces.
“We took a closer look at some of these applications to verify that they were indeed vulnerable. We extracted the libraries and found that libpl_droidsonroids_gif.so was not updated, confirming that the vulnerability was present,” the report stated.
Trend Micro did not list a way for an end user to determine whether or not an app remains vulnerable to CVE-2019-11932, but instead suggested that developers update libpl_droidsonroids_gif.so.
References
- [1] Trend Micro (blog.trendmicro.com)

