Facebook Discloses WhatsApp MP4 Video Vulnerability

A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.

A severe vulnerability in the WhatsApp messenger could enable attackers to achieve remote code execution by sending target users a specially crafted MP4 video file, Facebook reports.

The stack-based buffer overflow bug (CVE-2019-11931) exists in the way WhatsApp parses the elementary stream metadata of MP4 files. If successfully exploited, it could result in a denial-of-service or remote code execution attack, the company said in a disclosure. Users can update to a patched version of the software. It's unclear whether the flaw has been exploited in the wild.

This vulnerability affects a range of corporate and consumer devices. Affected versions include:

  • Android versions prior to 2.19.274
  • Business for Android versions prior to 2.19.104
  • iOS versions prior to 2.19.100
  • Business for iOS versions prior to 2.19.100
  • Enterprise Client versions prior to 2.25.3
  • Windows Phone versions before and including 2.18.368
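
As an added example (not from Facebook's disclosure or this article), the version list above can be applied to a device inventory. The platform keys, function names and sample rows are assumptions made for illustration. The check compares version fields numerically and treats the Windows Phone bound as inclusive.

```python
# Added example; platform keys and inventory rows are constructed, not from the advisory.
# platform -> (bound, inclusive). "prior to X" excludes X itself; the Windows
# Phone entry is "before and including", so its bound is still affected.
AFFECTED = {
    "android": ("2.19.274", False),
    "business-android": ("2.19.104", False),
    "ios": ("2.19.100", False),
    "business-ios": ("2.19.100", False),
    "enterprise-client": ("2.25.3", False),
    "windows-phone": ("2.18.368", True),
}

def parse_version(text):
    """'2.19.99' -> (2, 19, 99), so fields compare as numbers, not as text."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(platform, version):
    """Return 'affected', 'not_affected', or 'unknown' (needs manual review)."""
    rule = AFFECTED.get(platform.strip().lower())
    if rule is None:
        return "unknown"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"
    bound, inclusive = parse_version(rule[0]), rule[1]
    # Pad with zeros so a short string such as "2.25" compares as 2.25.0.
    width = max(len(installed), len(bound))
    installed += (0,) * (width - len(installed))
    bound += (0,) * (width - len(bound))
    hit = installed <= bound if inclusive else installed < bound
    return "affected" if hit else "not_affected"

def triage(rows):
    """Return (device, status) for every row not confirmed outside the ranges."""
    checked = [(device, status(platform, version)) for device, platform, version in rows]
    return [(d, s) for d, s in checked if s != "not_affected"]

INVENTORY = [  # constructed sample data
    ("phone-01", "android", "2.19.99"),        # a text compare would call this newer
    ("phone-02", "ios", "2.19.100"),
    ("phone-03", "windows-phone", "2.18.368"),
    ("kiosk-04", "android", "beta"),
]
```

Rows that come back as `unknown` are kept in the output so that an unrecognised platform or unparseable version string is reviewed by hand rather than silently treated as safe.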
