
Attackers using WhatsApp MP4 video files vulnerability can remotely execute code - LinuxBender
https://www.zdnet.com/article/attackers-using-whatsapp-vulnerability-triggered-by-video-files-can-remotely-execute-code/
======
senectus1
Official announcement from FB:
[https://www.facebook.com/security/advisories/cve-2019-11931](https://www.facebook.com/security/advisories/cve-2019-11931)

Full disclosure: CVE-2019-11931

Description: A stack-based buffer overflow could be triggered in WhatsApp by
sending a specially crafted MP4 file to a WhatsApp user. The issue was present
in parsing the elementary stream metadata of an MP4 file and could result in a
DoS or RCE.

This affects Android versions prior to 2.19.274, iOS versions prior to
2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions
before and including 2.18.368, Business for Android versions prior to
2.19.104, and Business for iOS versions prior to 2.19.100.

Affected Versions: Android versions prior to 2.19.274, iOS versions prior to
2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions
before and including 2.18.368, Business for Android versions prior to
2.19.104, and Business for iOS versions prior to 2.19.100.

Last Updated: 11-14-2019

