Sign In

Communications of the ACM

ACM TechNews

Attackers Using WhatsApp MP4 Video Files Vulnerability Can Remotely Execute Code


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
The WhatsApp logo.

Facebook has reported a vulnerability in WhatsApp messaging software that allows bad actors to conduct denial-of-service or remote code execution attacks.

Credit: Facebook

Facebook has reported a vulnerability in WhatsApp messaging software that allows malefactors to conduct denial-of-service or remote code execution attacks.

The company warned in a security advisory that the bug is a stack-based buffer overflow flaw, which can be triggered by sending crafted .MP4 video files to targets.

Facebook said the problem is rooted in how the encrypted messaging app parses .MP4 elementary stream metadata, and it affects WhatsApp iterations prior to 2.19.274 on Android, and iOS versions prior to 2.19.100; also vulnerable are business users of WhatsApp before version 2.19.104 on Android and version 2.19.100 on iOS.

The social media giant recommended users update their software builds to ameliorate the likelihood of exploitation.

"In this instance, there is no reason to believe that users were impacted," said a Facebook spokesperson.

From ZDNet
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 

No entries found