19 C
Jaipur
Wednesday, October 28, 2020

WhatsApp Vulnerability Let Hackers Perform RCE & DOS Via Crafted MP4

Must read

Best Tools to Create a Bootable Linux USB Drive

Bootable USB is a USB drive that is used to boot up a computer or laptop for installation on an operating system.Unlike Windows, Linux...

Samsung Galaxy S21 May Ditch Bundled Earphones And Charger Like Apple

A few weeks ago, Apple made headlines after announcing that the iPhone 12 won’t ship with a charger or a pair of earphones. And now it...

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

New Critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack.

Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messanger apps with more than Billion users around the world in both Android and iPhone.

The vulnerability affected the following Versions:

  • Android versions prior to 2.19.274
  • iOS versions prior to 2.19.100,
  • Enterprise Client versions prior to 2.25.3
  • Business for Android versions prior to 2.19.104
  • Business for iOS versions prior to 2.19.100
  • Windows Phone versions before and including 2.18.368

The vulnerability classified as “Critical” Severity that affected an unknown code block of the component MP4 File Handler in WhatsApp.

Successful exploitation of this bug leads the manipulation as part of a Message to trigger the Stack-based memory corruption vulnerability in WhatsApp Messenger.

Hackers can take advantage of this vulnerability to deploy the malware on the user’s device to steal sensitive files and also used to surveillance purposes.

According to Facebook Advisory that published behalf of WhatsApp “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”

The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication.

The Critical WhatsApp vulnerability can be tracked as CVE-2019-11931. Based on the vulnerability severity, It defines the price range of USD $5k-$25k.

This is not the first time Remote code execution vulnerability found in WhatApp in this year, we have reported another WhatsApp RCE Vulnerability in last month that allowed remote hackers to steal the files in your Android phone using malformed GIF’s.

There is no technical details are available for this critical WhatsApp Vulnerability and an exploit is not available at this moment.

We will keep update you once we found the relevant technical details. please stay tuned.

Update: A spokesperson from WhatsApp told GBHackers that there is no evidence found for this vulnerability that was exploited.

“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistently with industry best practices. In this instance, there is no reason to believe users were impacted.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read: WhatsApp Web – A Complete Guide To Use on Windows, Mac, Linux

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Best Tools to Create a Bootable Linux USB Drive

Bootable USB is a USB drive that is used to boot up a computer or laptop for installation on an operating system.Unlike Windows, Linux...

Samsung Galaxy S21 May Ditch Bundled Earphones And Charger Like Apple

A few weeks ago, Apple made headlines after announcing that the iPhone 12 won’t ship with a charger or a pair of earphones. And now it...

China launches crackdown on mobile web browsers, decries ‘chaos’ of information – Latest News

China's top cyber authority said it would carry out a "rectification" of Chinese mobile internet browsers to address what it called social concerns over...

cellphone: Japan unveils plan to prod carriers to cut cellphone charges – Latest News

Japan on Tuesday laid out a plan for reducing consumers' cellphone charges, as the government stepped up its bid to promote competition in the...

oneplus 7t: Amazon sale: OnePlus 7T selling at Rs 32,999 in upgrade deal

OnePlus 7T has got a price cut of Rs 7,000 during the Amazon Great Indian Festival sale. The handset is available at a...