Facebook has reported a vulnerability in WhatsApp messaging software that allows malefactors to conduct denial-of-service or remote code execution attacks.
The company warned in a security advisory that the bug is a stack-based buffer overflow flaw, which can be triggered by sending crafted .MP4 video files to targets.
Facebook said the problem is rooted in how the encrypted messaging app parses .MP4 elementary stream metadata, and it affects WhatsApp iterations prior to 2.19.274 on Android, and iOS versions prior to 2.19.100; also vulnerable are business users of WhatsApp before version 2.19.104 on Android and version 2.19.100 on iOS.
The social media giant recommended users update their software builds to ameliorate the likelihood of exploitation.
"In this instance, there is no reason to believe that users were impacted," said a Facebook spokesperson.
View Full Article
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA