WhatsApp is the most popular messaging platform in the world. Unfortunately, that means it's got a giant bullseye on it, and hackers are taking advantage of stack-based buffer overflow issues to launch remote code execution or denial-of-service attacks.
Exposed and Exploited Using Remote Code Execution Attacks
In recent months, the company has faced no end of troubles as a raft of vulnerabilities has been exposed and exploited by hackers from every corner of the globe.
The company is still reeling from the blowback associated with various issues, but its troubles don't seem to be over yet. Just last month, WhatsApp quietly found and patched another vulnerability, tracked as CVE-2019-11931. It is a stack-based buffer overflow issue relating to how older WhatsApp versions parsed MP4 metadata, allowing attackers to launch denial-of-service or remote code execution attacks.
All a hacker needed to exploit the flaw was a target's phone number and a specially crafted MP4 file. It just had to be constructed in such a way that it installed a backdoor upon opening. From there, the hacker had the option to install a wide range of malware. Worse, this vulnerability was found in both the consumer and Enterprise versions of WhatsApp for all major platforms, including Windows, iOS, and Android.
WhatsApp's parent company, Facebook, recently published an advisory bulletin. The affected versions it lists are as follows:
- Business for iOS versions before 2.19.100
- Business for Android versions before 2.19.104
- Windows Phone versions before and including 3.18.368
- Enterprise Client versions before 2.25.3
- iOS versions before 2.19.100
- Android versions before 2.19.274
If there's a silver lining here, the company has confirmed that there have been no instances of this exploit used 'in the wild,' and the company has issued a patch. Are you one of WhatsApp's legions of users? Check to be sure you're running the latest version. If not, update immediately to be on the safe side.
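For anyone checking more than one device, the version boundaries in the list above can be applied to an inventory, as in this added example (not part of the original article or the advisory). The platform keys, device names and inventory rows are assumptions constructed for illustration; the comparison is numeric per component, since a plain string comparison would rank 2.19.99 above 2.19.274.

```python
# Added example. Boundaries are copied from the affected-versions list above;
# platform keys are labels chosen here. Value = (boundary, boundary itself affected?)
AFFECTED = {
    "business-ios": ("2.19.100", False),
    "business-android": ("2.19.104", False),
    "windows-phone": ("3.18.368", True),   # "before and including"
    "enterprise-client": ("2.25.3", False),
    "ios": ("2.19.100", False),
    "android": ("2.19.274", False),
}

def parse_version(text):
    """Turn '2.19.100' into (2, 19, 100) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, version):
    boundary, inclusive = AFFECTED[platform]
    v, b = parse_version(version), parse_version(boundary)
    width = max(len(v), len(b))  # pad so 2.25.3 and 2.25.3.0 compare equal
    v, b = v + (0,) * (width - len(v)), b + (0,) * (width - len(b))
    return v <= b if inclusive else v < b

def audit(inventory):
    """Return (device, action) for rows that need an update or a manual look."""
    findings = []
    for device, platform, version in inventory:
        try:
            if is_affected(platform, version):
                findings.append((device, "UPDATE"))
        except (KeyError, ValueError):
            # Unknown platform or odd version string: never assume it is safe.
            findings.append((device, "REVIEW"))
    return findings

# Constructed inventory rows, not real devices.
SAMPLE = [
    ("phone-01", "android", "2.19.99"),         # numerically older than 2.19.274
    ("phone-02", "android", "2.19.274"),        # first fixed Android version
    ("phone-03", "windows-phone", "3.18.368"),  # boundary is itself affected
    ("phone-04", "ios", "2.19.100"),
    ("srv-01", "enterprise-client", "2.25.3-beta"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Rows that cannot be parsed or that name an unlisted platform are returned for manual review instead of being treated as patched.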