MAJOR EXPLOIT: This GIF can Backdoor any Android Phone (sort of)
In this video, we take a deep dive into the inner mechanics of a double free vulnerability within Android OS, allowing attackers to gain complete access to any Android mobile phone with an RCE (remote code execution). This vulnerability was exploited by creating a custom GIF file and sending it to a user in WhatsApp. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in low level languages, especially C, is critical. 0:00 - Overview 0:35 - GIFs 1:02- GIFs within Android 2:10- Memory / Pointers 3:35 - Double Free 6:02 - WhatsApp Payload 8:24 - RCE WE HAVE A DISCORD NOW! https://discord.gg/WYqqp7DXbm Original report by security researcher Awakened https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ Double free within android-gif-drawable https://github.com/koral--/android-gif-drawable/pull/673 MUSIC CREDITS: LEMMiNO - Cipher https://youtu.be/b0q5PR1xpA0?si=pUNJUB-ra1ulTJtI CC BY-SA 4.0 LEMMiNO - Nocturnal https://youtu.be/epmoV2HRs9U?si=Rljr2wC0SKYFEruJ CC BY-SA 4.0 #programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #mobile #android #doublefree #malloc #realloc #GIF #mobilesecurity #lowlevelsecurity #zeroday #zero-day #cybersecurityexplained #bugbounty #compiler #memorymanagement #kernel #operatingsystems #OS
In this video, we take a deep dive into the inner mechanics of a double free vulnerability within Android OS, allowing attackers to gain complete access to any Android mobile phone with an RCE (remote code execution). This vulnerability was exploited by creating a custom GIF file and sending it to a user in WhatsApp. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in low level languages, especially C, is critical. 0:00 - Overview 0:35 - GIFs 1:02- GIFs within Android 2:10- Memory / Pointers 3:35 - Double Free 6:02 - WhatsApp Payload 8:24 - RCE WE HAVE A DISCORD NOW! https://discord.gg/WYqqp7DXbm Original report by security researcher Awakened https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/ Double free within android-gif-drawable https://github.com/koral--/android-gif-drawable/pull/673 MUSIC CREDITS: LEMMiNO - Cipher https://youtu.be/b0q5PR1xpA0?si=pUNJUB-ra1ulTJtI CC BY-SA 4.0 LEMMiNO - Nocturnal https://youtu.be/epmoV2HRs9U?si=Rljr2wC0SKYFEruJ CC BY-SA 4.0 #programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #mobile #android #doublefree #malloc #realloc #GIF #mobilesecurity #lowlevelsecurity #zeroday #zero-day #cybersecurityexplained #bugbounty #compiler #memorymanagement #kernel #operatingsystems #OS