A severe vulnerability in the WhatsApp messenger could enable attackers to achieve remote code execution by sending target users a specially crafted MP4 video file, Facebook reports.
The stack-based buffer overflow bug (CVE-2019-11931) exists in the way WhatsApp parses the elementary stream metadata of MP4 files. If successfully exploited, it could result in a denial-of-service or remote code execution attack, the company said in a disclosure. Users can update to a patched version of the software. It's unclear whether the flaw has been exploited in the wild.
This vulnerability affects a range of corporate and consumer devices. Affected versions include:
Read more details here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed."