acm-header
Sign In

Communications of the ACM

Home/News/Attackers Using WhatsApp MP4 Video Files Vulnerability.../Full Text
ACM TechNews

Attackers Using WhatsApp MP4 Video Files Vulnerability Can Remotely Execute Code

By ZDNet
December 3, 2019
Comments
View as: Print Mobile App Share:
The WhatsApp logo.

Facebook has reported a vulnerability in WhatsApp messaging software that allows bad actors to conduct denial-of-service or remote code execution attacks.

Credit: Facebook

Facebook has reported a vulnerability in WhatsApp messaging software that allows malefactors to conduct denial-of-service or remote code execution attacks.

The company warned in a security advisory that the bug is a stack-based buffer overflow flaw, which can be triggered by sending crafted .MP4 video files to targets.

Facebook said the problem is rooted in how the encrypted messaging app parses .MP4 elementary stream metadata, and it affects WhatsApp iterations prior to 2.19.274 on Android, and iOS versions prior to 2.19.100; also vulnerable are business users of WhatsApp before version 2.19.104 on Android and version 2.19.100 on iOS.

The social media giant recommended users update their software builds to ameliorate the likelihood of exploitation.

"In this instance, there is no reason to believe that users were impacted," said a Facebook spokesperson.

From ZDNet
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account