Facebook Discloses Vulnerability in WhatsApp Messaging Software

December 5, 2019

Facebook has disclosed the existence of a vulnerability leading to remote code execution attacks in WhatsApp messaging software.

According to a ZDnet report, the company said in a security advisory that the WhatsApp bug, tracked as CVE-2019-11931, is a stack-based buffer overflow issue which can be triggered by attackers sending crafted .MP4 video files to victims. In addition, Facebook said that the problem was caused by how the encrypted messaging app parses .MP4 elementary stream metadata that if exploited, the vulnerability can lead to denial-of-service (DoS) or remote code execution (RCE) attacks. There are not many technical details available, notes the report.

"WhatsApp versions prior to 2.19.274 on Android and iOS versions prior to 2.19.100 are affected. Business users of WhatsApp prior to 2.19.104 on Android and 2.19.100 on iOS are also susceptible to attack. Enterprise Client versions prior to 2.25.3 and Windows Phone versions of WhatsApp including 2.18.368 and below are also impacted," notes the report.

A Facebook spokesperson told ZDnet, "WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe that users were impacted."

Please visit ZDnet for the full report.

Protecting employees from potential exposure could be a daunting task, but with the right property technology, your office space can become an interactive and responsive asset that helps you ensure new health protocol compliance.

Join Resolver as we discuss practical strategies to help shift the security mindset in your organization. We’ll look at real examples of how industry-leading security teams have optimized their processes to provide more impactful reporting that not only enabled them to prove the value of corporate security to the organization, but also their increased departmental budget.