WhatsApp at risk from a specially crafted MP4 file that could trigger a stack-based buffer overflow attack

Facebook-owned WhatsApp has been in the news for a while now for being affected by a severe privacy issue that stems from the use of Israeli spyware called Pegasus. Now, developers of the online chat app have revealed a new vulnerability in the app that suggests another way an attacker might be able to access your files and data. As per a recently published Facebook security advisory, a stack-based memory buffer overflow can be triggered by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,” states the advisory.
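The advisory does not publish the faulty code. The following is an added example, not WhatsApp's code and not taken from the advisory, showing the general bug class: a parser copies a length-prefixed MP4 box payload into a fixed stack buffer, and the defence is to validate the declared size before copying. The box header layout (32-bit big-endian size, 4-byte type) is the standard MP4 one; the 64-byte buffer, function name, error codes, the `esds` type label and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define META_CAP 64  /* fixed stack buffer size, chosen for this example */
enum { ERR_TRUNCATED = -1, ERR_BAD_SIZE = -2, ERR_TOO_LARGE = -3 };

/* Constructed sample boxes: 4-byte size, 4-byte type label, payload. */
static const uint8_t SAMPLE_OK[12]         = {0, 0, 0, 12, 'e', 's', 'd', 's', 1, 2, 3, 4};
static const uint8_t SAMPLE_OVERSIZED[256] = {0, 0, 1, 0,  'e', 's', 'd', 's'};
static const uint8_t SAMPLE_LYING[12]      = {0, 0, 1, 0,  'e', 's', 'd', 's', 1, 2, 3, 4};

/* Read a 32-bit big-endian integer, as used for MP4 box sizes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copy one box payload into a fixed stack buffer.
 * Returns the payload length, or a negative error code. */
int parse_metadata_box(const uint8_t *buf, size_t len) {
    uint8_t meta[META_CAP];

    if (len < 8) return ERR_TRUNCATED;         /* no room for size + type */
    uint32_t box_size = be32(buf);             /* value comes from the file */
    /* Sizes 0 (to end of file) and 1 (64-bit size) are legal MP4 but rejected here. */
    if (box_size < 8) return ERR_BAD_SIZE;
    if (box_size > len) return ERR_TRUNCATED;  /* box claims more bytes than supplied */
    size_t payload = box_size - 8;
    /* Without this check, memcpy would write past meta[] and corrupt the stack. */
    if (payload > sizeof meta) return ERR_TOO_LARGE;
    memcpy(meta, buf + 8, payload);
    return (int)payload;
}

int main(void) {
    printf("ok:        %d\n", parse_metadata_box(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("oversized: %d\n", parse_metadata_box(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED));
    printf("lying:     %d\n", parse_metadata_box(SAMPLE_LYING, sizeof SAMPLE_LYING));
    return 0;
}
```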

Facebook merely says that the flaw could result in Denial of Service (DoS) or Remote Code Execution (RCE), but this is quite concerning. While DoS might keep you from using WhatsApp on your phone, RCE is not something to be taken lightly. Using Remote Code Execution, an attacker can run code on your device, which could range from downloading and sideloading malware to hijacking it and accessing your data. The flaw affects Android versions of WhatsApp before the 2.19.274 update, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.

The revelation of this new exploit comes soon after the Pegasus fiasco, where the spyware was allegedly used to spy on numerous entities. As per an earlier report, WhatsApp alerted two dozen academics, lawyers, Dalit activists and journalists across India that their devices had been under surveillance for a two-week period until May 2019. The time period coincides with the 2019 General Elections in India.



