The issue is related to video playback within the WhatsApp software, namely a buffer overflow problem related to MP4 videos. A malicious party can send a specially crafted MP4 video file to the recipient and hijack the phone without the user even knowing about it.
The video itself would play just fine, but in the background, the specially crafted MP4 file could open the phone's operating system for hackers to run their own code on the phone. Such malicious code can be pretty much anything: mining cryptocurrency for the criminals, sending out millions of spam emails to other recipients, taking part in denial-of-service attacks against other services, etc.
The bug is related to parsing the elementary stream metadata of MP4 video files.
There's a patched version of WhatsApp available for Android, iPhone and Windows Phone users. The following versions are affected:
- Android versions prior to 2.19.274
- iOS versions prior to 2.19.100
- Enterprise Client versions prior to 2.25.3
- Windows Phone versions before and including 2.18.368
So, head to your phone's app store immediately and update your WhatsApp right away!
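For anyone checking more than one phone, the version list above can be turned into a small triage script. This is an added example, not part of the original article; the platform keys and inventory rows are constructed for illustration, and only the version thresholds come from the list above. It compares versions numerically (so 2.19.92 correctly sorts below 2.19.100) and treats the Windows Phone threshold as inclusive.

```python
# Added example: thresholds are the ones listed in the article above.
# Platform keys and the inventory rows are constructed for illustration.
import re

# platform -> (threshold version, inclusive?)
# inclusive=False: "prior to" (the threshold version itself is patched)
# inclusive=True:  "before and including" (the threshold is still affected)
THRESHOLDS = {
    "android": ((2, 19, 274), False),
    "ios": ((2, 19, 100), False),
    "enterprise": ((2, 25, 3), False),
    "windows_phone": ((2, 18, 368), True),
}

def parse_version(text):
    """Return a tuple of ints for 'a.b.c', or None if the string is malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(platform, version_text):
    """Return 'affected', 'patched' or 'unknown' for one installed version."""
    rule = THRESHOLDS.get(platform.lower())
    version = parse_version(version_text)
    if rule is None or version is None:
        return "unknown"  # needs a manual look, never assume patched
    threshold, inclusive = rule
    # Pad to equal length so that 2.19 compares as 2.19.0
    width = max(len(version), len(threshold))
    v = version + (0,) * (width - len(version))
    t = threshold + (0,) * (width - len(threshold))
    if v < t or (inclusive and v == t):
        return "affected"
    return "patched"

def triage(rows):
    """rows: iterable of (device, platform, version) tuples."""
    return [(dev, plat, ver, classify(plat, ver)) for dev, plat, ver in rows]

# Constructed sample inventory
INVENTORY = [
    ("phone-01", "android", "2.19.273"),
    ("phone-02", "android", "2.19.274"),
    ("phone-03", "ios", "2.19.92"),
    ("phone-04", "windows_phone", "2.18.368"),
    ("srv-01", "enterprise", "2.25.3"),
    ("phone-05", "android", "2.19.x"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row, sep="\t")
```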
Written by: Petteri Pyyny @ 18 Nov 2019 5:52