A unique bug on WhatsApp revealed by the company could let attackers exploit your device using MP4 files. The bug, which was identified as CVE-2019-11931, could pave the way for hackers to access WhatsApp’s data, including messages and files remotely.
The WhatsApp bug needed no user interaction, whatsoever. An attacker could gain access to WhatsApp’s data by sending a specially crafted MP4 file to a user, which would remotely execute malicious code.
Facebook announced the flaw quietly on their primary social media platform. The advisory read, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”
“The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS [denial of service] or RCE [remote code execution].”
Facebook said the bug affected Android versions before 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.
There is no report that users might have been affected by the flaw. If we have to take the company’s word on this, then, yes, “there is no reason to believe users were impacted.”