No matter how hard companies try to secure their platforms and services, vulnerabilities and bugs will always slip through the cracks. That’s exactly what happened last week when Facebook announced a severe video security flaw in messaging app WhatsApp.
The bug is a stack-based buffer overflow issue attackers can trigger by sending a “specially crafted MP4 file.” This exploit can cause denial-of-service or remote code execution attacks.
It works because of how the service parses MP4 elementary stream metadata. This WhatsApp video security flaw is present on Android app versions prior to 2.19.274 and iOS app versions prior to 2.19.100. It also affects prior versions of the WhatsApp enterprise, Windows Phone, Business for Android, and Business for iOS clients.
It doesn’t look like the bug has been actively exploited, but users should update their apps to alleviate the risk of attack.