A vulnerability in the WhatsApp for Android that was found, disclosed and patched can still affect thousands of additional apps that have not been patched.
CVE-2019-11932 allows attackers to use a maliciously coded GIF files to remotely execute code was made public on Oct. 2, 2019 and then patched in WhatsApp version 2.19.244 takes advantage of a library called libpl_droidsonroids_gif.so which is part of the android-gif-drawable package that is used in many other applications, Trend Micro reported.
The company found 3,433 apps in the Google Play store that remained unpatched and vulnerable along with several hundred others scattered among another nine third-party online marketplaces.
“We took a closer look at some of these applications to verify that they were indeed vulnerable. We extracted the libraries and found that libpl_droidsonroids_gif.so was not updated, confirming that the vulnerability was present,” the report stated
Trend Micro did not list a way for an end user to decipher whether or not an app remains vulnerable to CVE-2019-11932 but instead suggest that developers update libpl_droidsonroids_gif.so.
