WhatsApp is no stranger to memory corruption vulnerabilities. After a series of infamous and chronically frustrating "special character" messages circulated, each causing the application to crash repeatedly until the offending message was deleted (and deleting it was itself extremely difficult, since the application would crash again on launch before the message could be removed), another such crafted message is now triggering a memory corruption vulnerability in the popular instant messaging platform.
The newly found memory corruption vulnerability affects the iPhone 5, 6s, and X running iOS 10 and 11.4.1, the latter being the latest iOS version at the time the tests were conducted. The vulnerability exists in WhatsApp versions 2.18.61 and older on these platforms.
As with the previous memory corruption vulnerabilities, the problem arises because WhatsApp does not filter UTF-8 characters properly, and because it cannot process memory allocations and deallocations quickly enough on iOS devices. The vulnerability is triggered when a specifically crafted malicious message is sent to a user, causing a system crash. When the device receives this message, the message exhausts the system's resources and corrupts memory in the process. The result is a denial of service when the system crashes, and the remote memory corruption also affects the integrity of the system.
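The article attributes the crash to unfiltered UTF-8 input and to resource exhaustion. The following defensive example, added here and not code from WhatsApp or from the article, shows what a strict inbound filter for a messaging client looks like: it validates a message byte-by-byte against the UTF-8 rules (rejecting bad lead bytes, overlong encodings, UTF-16 surrogate code points, code points above U+10FFFF and truncated sequences) and enforces a size cap before anything is decoded or stored. The `MAX_MESSAGE_BYTES` limit and the sample messages are constructed for this example.

```python
"""Strict UTF-8 message filter (defensive example; not WhatsApp code)."""
from typing import List, Optional, Tuple

# Assumed upper bound on an inbound message; constructed for this example.
MAX_MESSAGE_BYTES = 65536


def validate_utf8(data: bytes, max_bytes: int = MAX_MESSAGE_BYTES) -> Tuple[bool, str]:
    """Return (ok, reason). Rejects anything a lenient decoder might let through."""
    if len(data) > max_bytes:
        return False, f"message exceeds size limit ({len(data)} > {max_bytes} bytes)"
    i, n = 0, len(data)
    while i < n:
        b0 = data[i]
        if b0 < 0x80:                      # 1-byte ASCII
            i += 1
            continue
        # Lead-byte table: number of continuation bytes, payload bits,
        # and the smallest code point the sequence length may encode.
        if 0xC2 <= b0 <= 0xDF:
            need, cp, lowest = 1, b0 & 0x1F, 0x80
        elif 0xE0 <= b0 <= 0xEF:
            need, cp, lowest = 2, b0 & 0x0F, 0x800
        elif 0xF0 <= b0 <= 0xF4:
            need, cp, lowest = 3, b0 & 0x07, 0x10000
        else:                              # 0x80-0xC1 and 0xF5-0xFF never start a sequence
            return False, f"invalid lead byte 0x{b0:02x} at offset {i}"
        if i + need >= n:
            return False, f"truncated sequence at offset {i}"
        for k in range(1, need + 1):
            b = data[i + k]
            if b & 0xC0 != 0x80:           # continuation bytes are 10xxxxxx
                return False, f"bad continuation byte 0x{b:02x} at offset {i + k}"
            cp = (cp << 6) | (b & 0x3F)
        if cp < lowest:                    # same code point encodable in fewer bytes
            return False, f"overlong encoding of U+{cp:04X} at offset {i}"
        if 0xD800 <= cp <= 0xDFFF:         # UTF-16 surrogates are not scalar values
            return False, f"surrogate code point U+{cp:04X} at offset {i}"
        if cp > 0x10FFFF:
            return False, f"code point out of range at offset {i}"
        i += need + 1
    return True, "ok"


def accept_message(data: bytes) -> Optional[str]:
    """Decode only after validation; return None for anything rejected."""
    ok, _ = validate_utf8(data)
    return data.decode("utf-8") if ok else None


def filter_inbound(messages: List[bytes]) -> Tuple[List[str], List[str]]:
    """Split a batch into accepted text and rejection reasons for logging."""
    accepted, rejected = [], []
    for m in messages:
        ok, reason = validate_utf8(m)
        if ok:
            accepted.append(m.decode("utf-8"))
        else:
            rejected.append(reason)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample batch: two clean messages and four malformed ones.
    batch = [
        b"hello",
        "caf\u00e9".encode("utf-8"),
        b"\xc0\xaf",                # overlong '/' via a forbidden lead byte
        b"\xed\xa0\x80",            # encoded surrogate U+D800
        b"\xf4\x90\x80\x80",        # code point above U+10FFFF
        b"\xe2\x82",                # truncated 3-byte sequence
    ]
    good, bad = filter_inbound(batch)
    print("accepted:", good)
    for r in bad:
        print("rejected:", r)
```

The check runs before `decode` and before the message is persisted, so a malformed payload is dropped at the boundary rather than being loaded again on every launch; the size cap is there because the article describes the crash as exhausting resources, and bounding input length is the cheapest guard against that.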
The exploit first surfaced on ExploitPack, where Juan Sacco posted some details along with a proof of concept for the vulnerability. It can be triggered by sending the crafted message, through the WhatsApp application or otherwise through WhatsApp, to an end user on the specified devices and operating systems running WhatsApp 2.18.61.
The vendor has not released any mitigation steps yet, but going by prior vulnerabilities of this kind, the only way to stop the crashes is to remove the message from the chat so that it is no longer among the messages the application loads at startup, which is what causes the repeated crashes. To do this, you must ask the user who sent the malicious message to send another, clean message, which pushes the malicious one out of the set of most recent messages loaded at startup. Then open the WhatsApp application and delete the malicious message from the chat permanently. This is not easy when the person sending the malicious messages is not your friend.