WhatsApp has fastened a vulnerability moving malicious MP4 video recordsdata that might maybe presumably maybe additionally doubtlessly allow an attacker to remotely entry messages and recordsdata saved within the app.
The flaw — identified as CVE-2019-11931 — made it which you would possibly presumably maybe presumably imagine for attackers to send a specially crafted MP4 file to remotely compose malicious code on the sufferer’s machine with none intervention.
In an advisory posted on its dwelling, Fb stated:
A stack-basically based buffer overflow might maybe presumably maybe additionally be precipitated in WhatsApp by sending a specially crafted MP4 file to a WhatsApp person. The scenario used to be reward in parsing the basic dart metadata of an MP4 file and might maybe presumably maybe additionally result in a DoS [denial of service] or RCE [remote code execution].
On the opposite hand, the presence of the flaw on my own doesn’t imply it will most likely presumably maybe additionally be faded for imperfect capabilities. As is in most cases the case, it would even be an entry point for an exploit chain that hyperlinks collectively a community of security vulnerabilities, thereby allowing a hacker to penetrate digital protections.
After we reached out for a response, a spokesperson for the corporate stated, “WhatsApp is continually working to toughen the protection of our service. We compose public, reports on doable disorders now we hold fastened per industry most efficient practices. In this occasion there isn’t very any reason to deem users were impacted.”
The computer virus affected Android versions before 2.19.274, iOS versions before 2.19.a hundred, Mission Client versions before 2.25.three, Home windows Phone versions before and including 2.18.368, Industry for Android versions before 2.19.104, and Industry for iOS versions before 2.19.a hundred.
While there’s no indication that the flaw used to be exploited, the