WhatsApp recently eliminated a critical error, by which attackers could remotely compromise a device and steal protected chat messages and files.
The vulnerability has the identifier CVE-2019-11931 and represents a stack buffer overflow problem. The error occurred due to the fact that WhatsApp parsed the elementary metadata stream in MP4 files. This gave attackers the opportunity to carry out a DoS attack or remotely execute arbitrary code.
All that was required for the remote operation of the bug was to know the phone number of the target and send it via WhatsApp a malicious MP4 file. Such a file could lead to the automatic installation of a backdoor or spyware application on a compromised device, effectively transferring control into the hands of the attackers.
Vulnerability affected WhatsApp for all major platforms, including Google Android, Apple iOS and Microsoft Windows. According to the company Facebook, which owns the messenger, the list of vulnerable versions is as follows:
- Android version up to 2.19.274
- iOS versions up to 2.19.100
- Enterprise Client versions up to 2.25.3
- Windows Phone versions up to and including 2.18.368
- Business for Android versions up to 2.19.104
- Business for iOS versions up to 2.19.100
It is not yet known whether this vulnerability was exploited by attackers before the developers released the update. But journalists note that the problem is in many ways similar to another recently discovered WhatsApp vulnerability, due to the exploitation of which Facebook filed a lawsuit against the Israeli company NSO Group, which develops and sells spyware solutions and the so-called “legal malware”. The fact is that according to Facebook, NSO Group employees not only knew about that bug but also used it to compromise the devices of more than 1,400 people in Bahrain, the United Arab Emirates and Mexico.