A severe vulnerability in the WhatsApp messenger could enable attackers to achieve remote code execution by sending target users a specially crafted MP4 video file, Facebook reports.
The stack-based buffer overflow bug (CVE-2019-11931) exists in the way WhatsApp parses the elementary stream metadata of MP4 files. If successfully exploited, it could result in a denial-of-service or remote code execution attack, the company said in a disclosure. Users can update to a patched version of the software. It's unclear whether the flaw has been exploited in the wild.
This vulnerability affects a range of corporate and consumer devices. Affected versions include:
- Android versions prior to 2.19.274
- Business for Android versions prior to 2.19.104
- iOS versions prior to 2.19.100
- Business for iOS versions prior to 2.19.100
- Enterprise Client versions prior to 2.25.3
- Windows Phone versions before and including 2.18.368
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed."