17 January 2020
WhatsApp has released a new update that fixes a recently reported bug related to malicious MP4 video files. The bug would have allowed an attacker to exploit a vulnerability by sending a compromised MP4 video file. It would have made it possible for the attacker to access a victim's stored files and messages remotely.
The vulnerability is referred to as CVE-2019-11931 and if triggered, it could have resulted in remote code execution (RCE) and denial of service (DoS) cyberattack. It is reported that the malicious code can be triggered without requiring any action from the user's end which makes it even more dangerous.
In an official statement, Facebook said:
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”
To make sure that you are using a WhatsApp version containing the fix, look for the appropriate version number as mentioned below:
- Android versions prior to 2.19.274
- iOS versions prior to 2.19.100,
- Enterprise Client versions prior to 2.25.3
- Business for Android versions prior to 2.19.104
- Business for iOS versions prior to 2.19.100
- Windows Phone versions before and including 2.18.368
Your best bet is to visit the app store of the device you are using and check for any WhatsApp updates. If there is any pending update, make sure to install it as soon as possible.