WhatsApp is the victim of a new major security vulnerability on Android and iOS that allows to install remote malware. This buffer overflow vulnerability is based on the way the application segments MP4 file metadata. It would also be possible to exfilter the contents of digit conversations as well as stock files on the internal memory.
WhatsApp is experiencing a new critical vulnerability – records under reference CVE-2019-11931. This bug is of buffer overflow type and is in the same way that older versions of WhatsApp were parsing / segmenting base mtadons into .MP4 video files. Due to this bug, hackers could perform type attacks denial-of-Serviceor execute code distance.
To carry out an attack all that the hackers need is the phone number of the victim. All they need to do is send a specially crafted .MP4 file via WhatsApp to lead the attack. According to The Hacker's News, it is possible to cause the installation of a trojan, spyware or any malware. But also to exfiltrate conversations numbers, personal data and other locally stored files.
This bug mainly affects the Android and iOS versions of WhatsApp. The Hacker News gives the list and versions of the key applications:
- Android versions prior to 2.19.274
- iOS versions earlier than 2.19.100
- Enterprise Client versions earlier 2.25.3
- Windows Phone version 2.18.368 and earlier
- Business for Android earlier versions 2.19.104
- Business for iOS versions earlier 2.19.100
Also read:WhatsApp – a massive cyber attack on politicians
Update WhatsApp as fast as possible
All these versions could already be patches before the publication of the flaw. To avoid any problem, we recommend you to put your WhatsApp application on all your devices, via the Play Store or APK Mirror – we offer you links below:
WhatsApp on the Play Store
WhatsApp on APK Mirror
Source: The Hacker News