Update WhatsApp now: MP4 video bug exposes your messages

Update WhatsApp now: MP4 video bug exposes your messages

Previous: Instagram stalker app Ghosty yanked from Play store WhatsApp’s pitch: Simple. Secure. Reliable messaging. Needed marketing addendum: Hole. Update. Now. Evil. MP4s. Facebook on Thursday posted a security advisory about a seriously risky buffer overflow vulnerability in WhatsApp, CVE-2019-11931 , that could be triggered by a nastily crafted MP4 video. It’s rated as a high-risk vulnerability – 7.8 – on the CVE scale. Understandably so: if left unpatched, it can lead to remote code execution (RCE), which can then enable attackers to access users’ files and messages. The security hole also leaves devices vulnerable to Denial of Service (DoS) attack. Facebook said that this one affects WhatsApp versions for iOS, Android and Windows phones. The problem isn’t just on the regular WhatsApp; it’s also found on WhatsApp for Business and WhatsApp for Enterprise. That’s an enormous number of users: With over 1.5 billion monthly active users, WhatsApp is the most popular mobile messenger app worldwide, according to Statista. Facebook has issued a fix, so if you haven’t already, it’s time to update. Here’s Facebook’s technical explanation about the vulnerability: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp […]

Click here to view original web page at nakedsecurity.sophos.com

Leave a Reply