Home » News » Apps » WhatsApp at risk by a specially crafted MP4 file that could trigger stack-based buffer overflow attack

WhatsApp at risk by a specially crafted MP4 file that could trigger stack-based buffer overflow attack

By Digit NewsDesk | Updated on 17-Nov-2019
WhatsApp at risk by a specially crafted MP4 file that could trigger stack-based buffer overflow attack
Digit NewsDesk Digit NewsDesk
17 Nov 2019 20:29
HIGHLIGHTS

Some WhatsApp versions affected by a serious vulnerability.

Facebook says a specially crafted MP4 file can be used to perform DoS or RCE attacks.

There is no info on how the flaw was discovered.

Facebook owned WhatsApp has been in the news from some time now for being affected by a serious privacy concern that stems from the use of Israeli spyware called Pegasus. Now, developers of the online chat app have published a new vulnerability in the app that suggests another way an attacker might be able to access your files and data. As per a recently published Facebook security advisory, a stack-based memory buffer overflow can be triggered by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,” states the advisory

Facebook simply says that the flaw could result in Denial of Service (DoS) or Remote Code Execution (RCE), but this is quite concerning. While DoS might hamper you from using WhatsApp on your phone, RCE is not something to be taken lightly. Using Remote Code Execution, an attacker can run code on your device, which can result from downloading and sideloading malware to hijacking it and accessing your data. The flaw affects Android versions of WhatsApp before the 2.19.274 update, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.

The revelation of this new exploit comes soon after the Pegasus fiasco where the spyware was allegedly used to spy on numerous entities. As per a previous report, WhatsApp alerted two dozen academics, lawyers, Dalit activists and journalists across India that their devices were under surveillance for a two-week period till May 2019. The time period coincides with the 2019 General Elections in India. You can read more about this here

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

New Mobiles
Apple IPhone 15Redmi 12 5GRealme 11 Pro+ 5GApple IPhone 15 PlusNothing Phone 2
Top-10s
Best Mobile Phones under 15,000Best Mobile Phones under 20,000Best Mobile Phones Under 10,000Best Mobile PhonesBest 5G Mobile Phones
Terms of Use Privacy Policy About Us Advertise with us Contact Us SiteMap Current / Past Issue Magazine Subscription
9.9 Group

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

We are about leadership – the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry.

logo logo logo logo logo logo
Copyright © 2007-24 9.9 Group Pvt.Ltd.All Rights Reserved.
Digit.in
Logo
Digit.in
Logo