WhatsApp flaw CVE-2019-11931 could be exploited to install spyware

Pierluigi Paganini November 16, 2019

The popular messaging platform WhatsApp made the headlines again, a new bug could be exploited by hackers to secretly install spyware.

According to the website The Hacker News, WhatsApp has recently fixed a critical vulnerability, tracked as CVE-2019-11931, that could have allowed attackers to remotely compromise targeted devices.

The CVE-2019-11931 is a stack-based buffer overflow issue that affects the way WhatsApp handles the elementary stream metadata of an MP4 file.

“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.” reads an advisory published by Facebook. “This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.”

The issue could trigger a DoS condition or it could exploit by a remote attacker to execute arbitrary code on the target devices.

The flaw could be exploited by sending a maliciously crafted MP4 file via WhatsApp.

The vulnerability affects WhatsApp versions for Google Android, Apple iOS, and Microsoft Windows.

“Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.” continues the security advisory.

In October, a security researcher that goes online with the moniker Awakened discovered a double-free vulnerability in WhatsApp for Android and demonstrated how to leverage on it to remotely execute arbitrary code on the target device.

The expert reported the issue to Facebook that acknowledged and addressed the flaw with the release of WhatsApp version 2.19.244.

In May, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.

The WhatsApp zero-day vulnerability is a buffer overflow issue that affects the WhatsApp VOIP stack. The flaw could be exploited by a remote attacker to execute arbitrary code by sending specially crafted SRTCP packets to the targeted mobile device.

In the case of the CVE-2019-11931 flaw, it is not clear if the issue was exploited in attacks in the wild.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – CVE-2019-11931, WhatsApp)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment