WhatsApp at risk from a specially crafted MP4 file that could trigger a stack-based buffer overflow

By Digit NewsDesk | Published on Nov 17 2019

HIGHLIGHTS

Some WhatsApp versions affected by a serious vulnerability.

Facebook says a specially crafted MP4 file can be used to perform DoS or RCE attacks.

There is no info on how the flaw was discovered.

Facebook-owned WhatsApp has been in the news for some time now over a serious privacy concern stemming from the use of the Israeli spyware Pegasus. Now, the developers of the chat app have disclosed a new vulnerability that suggests another way an attacker might be able to access your files and data. As per a recently published Facebook security advisory, a stack-based buffer overflow can be triggered by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,” states the advisory.

Facebook simply says that the flaw could result in Denial of Service (DoS) or Remote Code Execution (RCE), but this is quite concerning. While a DoS might prevent you from using WhatsApp on your phone, RCE is not something to be taken lightly. With Remote Code Execution, an attacker can run code on your device, with consequences ranging from downloading and sideloading malware to hijacking the device and accessing your data. The flaw affects Android versions of WhatsApp before the 2.19.274 update, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.
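A version check built from the figures above, as an added example that is not part of the article or the advisory. The platform keys and the inventory rows are constructed, and versions are compared numerically so that 2.19.98 sorts before 2.19.100.

```python
# Thresholds are the version numbers quoted in the article.
# Platform keys and INVENTORY rows are constructed for illustration.
# platform -> (threshold, inclusive)
#   inclusive=False: versions "before" / "prior to" the threshold are affected
#   inclusive=True:  versions "before and including" the threshold are affected
AFFECTED = {
    "android": ("2.19.274", False),
    "ios": ("2.19.100", False),
    "enterprise": ("2.25.3", False),
    "windows_phone": ("2.18.368", True),
    "business_android": ("2.19.104", False),
    "business_ios": ("2.19.100", False),
}

def parse_version(text):
    """Turn '2.19.274' into (2, 19, 274); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'affected', 'not_affected' or 'unknown' for one install."""
    rule = AFFECTED.get(platform.strip().lower())
    if rule is None:
        return "unknown"
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # needs manual review; never assume it is patched
    threshold = parse_version(rule[0])
    # Pad to equal length so that 2.19 compares as 2.19.0.
    width = max(len(installed), len(threshold))
    installed += (0,) * (width - len(installed))
    threshold += (0,) * (width - len(threshold))
    hit = installed <= threshold if rule[1] else installed < threshold
    return "affected" if hit else "not_affected"

def triage(inventory):
    """Attach a status to each (device, platform, version) row."""
    return [(d, p, v, classify(p, v)) for d, p, v in inventory]

# Constructed sample inventory, e.g. exported from an MDM report.
INVENTORY = [("dev-01", "android", "2.19.230"), ("dev-02", "ios", "2.19.98"),
             ("dev-03", "windows_phone", "2.18.368"), ("dev-04", "android", "2.19.x")]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row)
```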

The disclosure of this new vulnerability comes soon after the Pegasus fiasco, in which the spyware was allegedly used to spy on numerous entities. As per a previous report, WhatsApp alerted two dozen academics, lawyers, Dalit activists and journalists across India that their devices were under surveillance for a two-week period until May 2019. The time period coincides with the 2019 General Elections in India.
