Facebook cross-platform messaging service WhatsApp has fixed a bug that would have allowed hackers to exploit devices through MP4s…
WhatsApp has fixed a notable vulnerability involving malicious MP4 video files that could potentially give attackers the ability to remotely access messages and files stored within the app.
WhatsApp Fixes Security Bug that would Allow Hackers to Exploit User Devices using MP4 Files
The security flaw, identified as CVE-2019-11931 potentially opened the door for attackers to send custom-crafted MP4 file to remotely execute malicious code on victims’ devices without any intervention.
The vulnerability affected Android versions prior to 2.19.274, along with iOS versions released prior to 2.19.100. It likewise affected Enterprise Client versions before 2.25.3 and Windows Phones up to and including 2.18.368.
Facebook writes in an advisory post:
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS [denial of service] or RCE [remote code execution].”