WhatsApp at risk by a specially crafted MP4 file that could trigger stack-based buffer overflow attack

By Digit NewsDesk | Published on 17-Nov-2019

Make your home smarter than the average home

Make your life smarter, simpler, and more convenient with IoT enabled TVs, speakers, fans, bulbs, locks and more.

Click here to know more

Facebook owned WhatsApp has been in the news from some time now for being affected by a serious privacy concern that stems from the use of Israeli spyware called Pegasus. Now, developers of the online chat app have published a new vulnerability in the app that suggests another way an attacker might be able to access your files and data. As per a recently published Facebook security advisory, a stack-based memory buffer overflow can be triggered by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,” states the advisory


Facebook simply says that the flaw could result in Denial of Service (DoS) or Remote Code Execution (RCE), but this is quite concerning. While DoS might hamper you from using WhatsApp on your phone, RCE is not something to be taken lightly. Using Remote Code Execution, an attacker can run code on your device, which can result from downloading and sideloading malware to hijacking it and accessing your data. The flaw affects Android versions of WhatsApp before the 2.19.274 update, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.

Related Articles

WhatsApp reportedly testing Snapchat like self-destructing messages, Facebook app spotted running dark mode WhatsApp for iOS brings call waiting, redesigned Chats screen, extended Braille typing support Facebook’s latest bid to entice users is Whale, a meme-creation app Google Maps is piloting a feature that lets users follow Local Guides TikTok crosses 1.5 billion installs, could get a sister music streaming app, and is reportedly testing links in bio and shopping links in posts

The revelation of this new exploit comes soon after the Pegasus fiasco where the spyware was allegedly used to spy on numerous entities. As per a previous report, WhatsApp alerted two dozen academics, lawyers, Dalit activists and journalists across India that their devices were under surveillance for a two-week period till May 2019. The time period coincides with the 2019 General Elections in India. You can read more about this here

Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.

Trending Articles

View All

Latest Articles


Popular Mobile Phones