With the latest controversies regarding the WhatsApp hacking not yet settled, WhatsApp may find itself in the thick of trouble once again.

It was learned that last month, the world’s most popular messaging platform silently repaired yet another serious flaw in its app that could have let hackers remotely compromise beleaguered devices.

Tracked as CVE-2019-11931, the flaw is a stack-based buffer excess problem that exist in in the way previous WhatsApp versions analyze the basic stream metadata of an MP4 file, leading to denial-of-service or remote code execution attacks.

To remotely make the most of the flaw, an attacker needs to have the phone number of targeted users and send them a spitefully crafted MP4 file over WhatsApp, which finally can be automated to install a malevolent backdoor or spyware app on the bargained devices silently.

The flaw impacts WhatsApp’s consumers and enterprise apps for all important platforms, including Google Android, Apple iOS, and Microsoft Windows.

An advisory published by Facebook, which owns WhatsApp, here is the list of affected app versions are:

Android versions before 2.19.274

iOS versions before 2.19.100

Enterprise Client versions before 2.25.3

Windows Phone versions before and including 2.18.368

Business for Android versions before 2.19.104

Business for iOS versions before 2.19.100

The space, harshness, and influence of the newly repaired flaw seem similar to a recent WhatsApp VoIP call vulnerability that was misused by the Israeli company NSO Group to install Pegasus spyware on closely 1400 targeted Android and iOS devices globally.

It’s still not clear if the MP4 flaw was also abused as a zero-day in the wild before Facebook learned about and repaired it.

One thought on “WhatsApp likely to be in Trouble due to a Spate of Controversaries”

Leave a Reply

Your email address will not be published. Required fields are marked *