Home → News → Attackers Using WhatsApp MP4 Video Files Vulnerability... → Full Text

Attackers Using WhatsApp MP4 Video Files Vulnerability Can Remotely Execute Code

By ZDNet

December 3, 2019

[article image]

Facebook has reported a vulnerability in WhatsApp messaging software that allows malefactors to conduct denial-of-service or remote code execution attacks.

The company warned in a security advisory that the bug is a stack-based buffer overflow flaw, which can be triggered by sending crafted .MP4 video files to targets.

Facebook said the problem is rooted in how the encrypted messaging app parses .MP4 elementary stream metadata, and it affects WhatsApp iterations prior to 2.19.274 on Android, and iOS versions prior to 2.19.100; also vulnerable are business users of WhatsApp before version 2.19.104 on Android and version 2.19.100 on iOS.

The social media giant recommended users update their software builds to ameliorate the likelihood of exploitation.

"In this instance, there is no reason to believe that users were impacted," said a Facebook spokesperson.

From ZDNet
View Full Article


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


No entries found