Facebook Discloses Vulnerability in WhatsApp Messaging Software

December 5, 2019

Facebook has disclosed the existence of a vulnerability leading to remote code execution attacks in WhatsApp messaging software.

According to a ZDnet report, the company said in a security advisory that the WhatsApp bug, tracked as CVE-2019-11931, is a stack-based buffer overflow issue which can be triggered by attackers sending crafted .MP4 video files to victims. In addition, Facebook said that the problem was caused by how the encrypted messaging app parses .MP4 elementary stream metadata that if exploited, the vulnerability can lead to denial-of-service (DoS) or remote code execution (RCE) attacks. There are not many technical details available, notes the report.

"WhatsApp versions prior to 2.19.274 on Android and iOS versions prior to 2.19.100 are affected. Business users of WhatsApp prior to 2.19.104 on Android and 2.19.100 on iOS are also susceptible to attack. Enterprise Client versions prior to 2.25.3 and Windows Phone versions of WhatsApp including 2.18.368 and below are also impacted," notes the report.

A Facebook spokesperson told ZDnet, "WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe that users were impacted."

Please visit ZDnet for the full report.

In this webinar, we review the rise of cloud access control and access control as a service, its advantages and disadvantages, and how to select the optimal cloud access control solution for your company.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.