Published 15:52 IST, November 18th 2019

WhatsApp hit with another critical security vulnerability, Facebook issues advisory

WhatsApp users' safety and privacy may have been compromised due to a new security vulnerability discovered in the messaging app. Facebook issued an advisory.

Reported by: Tech Desk

WhatsApp users' safety and privacy may have been compromised due to a new security vulnerability discovered in the messaging app. According to reports, a new, critical security vulnerability -- CVE-2019-11931 -- was discovered in WhatsApp. The vulnerability, if exploited, could allow an attacker to execute a Denial of Service (DoS) attack on WhatsApp, thus affecting its service.

The issue was found in WhatsApp Messenger for both Android and iOS. The cyber-attack starts with hackers sending a specially crafted MP4 file to a WhatsApp user, which triggers remote code execution and a Denial of Service (DoS) attack.

As per an advisory issued by Facebook, the following is the list of WhatsApp versions affected by the vulnerability.

  • WhatsApp for Android prior to version 2.19.274
  • WhatsApp for iOS prior to version 2.19.100
  • WhatsApp for Enterprise Client prior to version 2.25.3
  • WhatsApp for Business prior to Android version 2.19.104
  • WhatsApp for Business prior to iOS version 2.19.100
  • WhatsApp for Windows Phone version 2.18.368 and before

Facebook's security advisory

"A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE."

The news comes at a time when serious safety and privacy concerns are being raised due to Facebook's lawsuit against Israeli software company NSO Group for allegedly hacking into WhatsApp accounts. The WhatsApp spyware scare caused by Pegasus intensified after Facebook acknowledged that Indian journalists and human rights activists were among those globally spied upon by unnamed entities using the software.

"We agree with the government of India's strong statement about the need to safeguard the privacy of all Indian citizens. That is why we've taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide," a WhatsApp spokesperson had said in a statement.

Updated 17:37 IST, November 18th 2019