Table of contents:
WhatsApp is one of the platforms we use, by default, to share all kinds of files with our friends and family. Despite this, it is not the safest way to do it and proof of this are the numerous vulnerabilities found in the application on a daily basis. Now, from the TNW blog we have learned that Facebook employees have detected a issue involving MP4 videos
WhatsApp has fixed a vulnerability that involved the malicious files in MP4 format that endangered your mobile, being easy for an attacker Get remote access to messages and files stored in WhatsApp.The bug, identified as CVE-2019-11931, made it possible for an attacker to put malicious code on your phone without any intervention.
WhatsApp fixes a dangerous bug that puts your WhatsApp at risk when receiving video files
Developers have commented that it was easy to cause a buffer overflow by sending a simple MP4 video file with malicious code to any user by WhatsApp. The problem was in the metadata of an MP4 file, making it very easy to carry out a DoS attack or an RCE attack (which consists of executing remote code).
They claim that this problem, by itself, was not enough for attackers to gain access to your phone However, it did it was a very dangerous entry point for a later attack, using this exploit to bypass the security of your application and penetrate your phone.
Taking advantage of the problem from the WhatsApp laboratories ensure that the company watches day by day to improve the security of the service They themselves make public potential application problems to discuss how solutions to these problems are going. The bug affected all Android versions of WhatsApp up to 2.19.274 and iOS up to 2.19.100. It was also present in WhatsApp Business up to version 2.25.3 and even in Windows Phone versions up to 2.18.368.
So far There is no news that this vulnerability has been used to carry out an attack on WhatsApp Seeing what we just told you Comment It is absolutely necessary that you update the version of WhatsApp installed on your phone, it is essential to solve the error.
