According to the website The Hacker News, WhatsApp has recently fixed a critical vulnerability, tracked as CVE-2019-11931, that could have allowed attackers to remotely compromise targeted devices.
The CVE-2019-11931 is a stack-based buffer overflow issue that affects the way WhatsApp handles the elementary stream metadata of an MP4 file.
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.” reads an advisory published by Facebook. “This affects Android versions prior to 2.19.274,
The issue could trigger a
The flaw could be exploited by sending a maliciously crafted MP4 file via WhatsApp.
The vulnerability affects WhatsApp versions for Google Android, Apple iOS, and Microsoft Windows.
“Android versions prior to 2.19.274,
In October, a security researcher that goes online with the moniker Awakened discovered a double-free vulnerability in WhatsApp for Android and demonstrated how to leverage on it to remotely execute arbitrary code on the target device.
The expert reported the issue to Facebook that acknowledged and addressed the flaw with the release of WhatsApp version 2.19.244.
In May, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.
The WhatsApp zero-day vulnerability is a buffer overflow issue that affects the WhatsApp VOIP stack. The flaw could be exploited by a remote attacker to execute arbitrary code by sending specially crafted SRTCP packets to the targeted mobile device.
In the case of the CVE-2019-11931 flaw, it is not clear if the issue was exploited in attacks in the wild.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.