This video is an explanation of double-free vulnerability that allowed the attacker prepare a malicious GIF image that could execute remote commands on victim’s smartphone in WhatsApp’s context.

Report:
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/

Reporter’s website:
https://awakened1712.github.io/

Create you own malicious GIF:
https://github.com/awakened1712/CVE-2019-11932

Follow me on twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:26​ GIF file structure
02:21​ Double-free bug
05:47​ How to achieve RCE?
07:26​ Building the exploit

#rce #WhatsApp #double-free

Add comment

Your email address will not be published. Required fields are marked *