Facebook Discloses Vulnerability in WhatsApp Messaging Software

Facebook has disclosed the existence of a vulnerability leading to remote code execution attacks in WhatsApp messaging software.

According to a ZDnet report, the company said in a security advisory that the WhatsApp bug, tracked as CVE-2019-11931, is a stack-based buffer overflow issue which can be triggered by attackers sending crafted .MP4 video files to victims. In addition, Facebook said that the problem was caused by how the encrypted messaging app parses .MP4 elementary stream metadata that if exploited, the vulnerability can lead to denial-of-service (DoS) or remote code execution (RCE) attacks. There are not many technical details available, notes the report.

"WhatsApp versions prior to 2.19.274 on Android and iOS versions prior to 2.19.100 are affected. Business users of WhatsApp prior to 2.19.104 on Android and 2.19.100 on iOS are also susceptible to attack. Enterprise Client versions prior to 2.25.3 and Windows Phone versions of WhatsApp including 2.18.368 and below are also impacted," notes the report.

A Facebook spokesperson told ZDnet, "WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe that users were impacted."

Please visit ZDnet for the full report.

Security’s digital transformation is now entering stage 5. Complex security technologies are connected to HR systems, global security operations centers, and other building technologies in a world where employees now work in two places: home and the corporate office.

Service reliability underpins every modern business. Without reliable services, organizations cannot build the trust required to keep their customers loyal or free up time to focus on product innovation and differentiation.