Search results for

All search results
Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

WhatsApp video security flaw leaves devices open to attack

Attackers can trigger denial-of-service or remote code execution attacks just by sending MP4 files.

Published onNovember 18, 2019

A WhatsApp app icon closeup on a smartphone for the best chat apps for android list

No matter how hard companies try to secure their platforms and services, vulnerabilities and bugs will always slip through the cracks. That’s exactly what happened last week when Facebook announced a severe video security flaw in messaging app WhatsApp.

The bug is a stack-based buffer overflow issue attackers can trigger by sending a “specially crafted MP4 file.” This exploit can cause denial-of-service or remote code execution attacks.

It works because of how the service parses MP4 elementary stream metadata. This WhatsApp video security flaw is present on Android app versions prior to 2.19.274 and iOS app versions prior to 2.19.100. It also affects prior versions of the WhatsApp enterprise, Windows Phone, Business for Android, and Business for iOS clients.

It doesn’t look like the bug has been actively exploited, but users should update their apps to alleviate the risk of attack.

You might like