Hackers Society

Register a free account today to become a member OF hackers Society! Once signed in, you'll be able to Learn free hacking cracking and carding tips tricks and cources, as well as connect with other members through your own private inbox!

Another WhatsApp Vulnerability Could Allow Installation of Spyware Through MP4 Videos?


Facebook has disclosed a serious WhatsApp vulnerability that exposed users to potential malware attacks. As disclosed in an advisory, the stack-based buffer overflow vulnerability existed in almost all WhatsApp versions for both the consumers and enterprise apps. To trigger the flaw, an attacker would simply have to send maliciously crafted MP4 videos to the target users. Describing this vulnerability CVE-2019-11931.

Facebook Says
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.

Exploiting the bug could allow the attacker to execute remote code. It also permitted the attacker to install spyware or any other malware to the victim’s device.

Facebook Released The Patched Version Fortunately

Facebook have fixed the vulnerability with the release of WhatsApp updates rolled out on November 13, 2019. Therefore, if the users are running the following vulnerable app versions, they must ensure updating their respective devices accordingly.

WhatsApp for Android versions prior to 2.19.274

WhatsApp for iOS versions prior to 2.19.100

Windows Phone versions including and prior to 2.18.368

WhatsApp Enterprise Client versions prior to 2.25.3

Business for Android versions prior to 2.19.104

Business for iOS versions prior to 2.19.100

A Facebook spokesperson wrote:
WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe that users were impacted.

In October, Facebook also fixed another bug in WhatsApp that could allow hijacking chat sessions using malicious GIFs.