- Classified as a stack-buffer overflow issue, the flaw is tracked as CVE-2019-11931.
- The flaw could potentially allow an attacker to remotely access messages and files stored in the app.
WhatsApp, the most popular instant messaging app in the world, has recently fixed a vulnerability that involved the use of malicious MP4 video files. Classified as a stack-buffer overflow, the flaw is identified as CVE-2019-11931.
What are the risks?
The flaw, which could be exploited using malicious MP4 video files, could potentially allow an attacker to remotely access messages and files stored in the app.
The malicious video files are used to remotely execute malicious code on the victim’s device without any intervention.
Facebook, the owner of WhatsApp, further noted in its advisory that the flaw could also result in a Denial of Service (DoS) attack.
Which versions are affected?
According to the advisory, the flaw affects “Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.”
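An added example (not from the advisory or from WhatsApp): a Python check that applies the version boundaries quoted above to an app inventory, comparing versions numerically and treating the Windows Phone boundary as inclusive. The product keys, the inventory row format and the device names are assumptions made for illustration.

```python
# Added example: boundaries come from the advisory text quoted above.
# product key (assumed naming) -> (boundary version, True if the boundary itself is vulnerable)
AFFECTED = {
    "android": ("2.19.274", False),
    "ios": ("2.19.100", False),
    "enterprise_client": ("2.25.3", False),
    "windows_phone": ("2.18.368", True),   # "before and including"
    "business_android": ("2.19.104", False),
    "business_ios": ("2.19.100", False),
}

def parse_version(text):
    """Turn '2.19.98' into (2, 19, 98) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """Return True/False, or None when the product is not in the advisory."""
    rule = AFFECTED.get(product)
    if rule is None:
        return None
    boundary, inclusive = parse_version(rule[0]), rule[1]
    installed = parse_version(version)
    return installed <= boundary if inclusive else installed < boundary

def triage(inventory):
    """Split (device, product, version) rows into vulnerable / needs-review."""
    vulnerable, review = [], []
    for device, product, version in inventory:
        try:
            verdict = is_affected(product, version)
        except ValueError:
            verdict = None          # malformed version: a human should look
        if verdict is None:
            review.append(device)
        elif verdict:
            vulnerable.append(device)
    return vulnerable, review

# Constructed sample inventory (not real devices).
SAMPLE = [
    ("dev-01", "android", "2.19.98"),        # sorts after 2.19.274 as a string, older numerically
    ("dev-02", "android", "2.19.274"),       # first fixed Android version
    ("dev-03", "windows_phone", "2.18.368"), # inclusive boundary
    ("dev-04", "android", "2.19.x"),         # malformed version string
    ("dev-05", "kaios", "2.19.1"),           # product not listed in the advisory
]
```

Rows that cannot be classified are returned separately rather than treated as safe, so an unparseable version or an unlisted product is never silently passed.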
WhatsApp’s previous turmoil
There’s no indication that the flaw has been widely exploited, and WhatsApp has fixed the issue in time by releasing the latest version for each of the affected clients.
The disclosure of this new flaw comes weeks after WhatsApp revealed that at least two dozen academics, lawyers, and journalists were the targets of Pegasus spyware, which was operated by the Israel-based NSO Group.