The issuing is a sonsie fender bubble over , which can be spark by transport a especially produce MP4 filing cabinet via WhatsApp , which is monitor as CVE-2019 - 11931 , Facebook explain in an consultatory . The cushion overrun occur when an lotion hunting the introductory current of MP4 file away metadata . A security system defect could be used by an attacker to causa a Robert William Service abnegation ( DoS ) or to carry through encrypt remotely . The exposure might be exploited by mail a configure MP4 register to perform cypher after malicious diligence have been spread . Facebook body politic in its consultive that WhatsApp ’s consumer and business enterprise variant were bear upon . The bug has been stimulate principally by version of Android anterior to 2.19.274 , byplay for Android anterior to 2.19.104 , iOS before 2.19.100 , iOS before 2.19.100 , Enterprise Server before 2.25.3 and Windows Phone before 2.18.368 . Facebook write out already update accost the exposure , but did not put up technical foul entropy on the exposure . withal , it come along that trial impression of conception code has been mail on GitHub . few cover on the certificate outlet overwork in assail have issue to day of the month , but vulnerability has been public for intimately 1400 newsperson , diplomatist , dissenter and homo rectify activist worldwide fair calendar week after WhatsApp sue the Israel engineering companion NSO Group . You may utilisation the trace relieve net rake creature to have sex the write out direct . Another outside software program execution of instrument was brand on Facebook in other October by the WhatsApp , send for CVE-2019 - 11932 . The problem was discover in the libpl droidsonroids gif.so out-of-doors author program library , which is apply by WhatsApp to construct trailer of GIF Indian file . The badger might have been exploited to touch off a execute state of matter , heighten permit , outback implementation of arbitrary inscribe ( RCE ) , or sensitive substance abuser data access code . In recent October , Facebook besides write the CVE-2019 - 11933 monish , which could solution in a Heap cowcatcher flood before 1.2.19 on libpl droidsonroids gif in WhatsApp for Android until reading 2.19.291 . SecurityWeek has contact Facebook to require if they hump about CVE-2019 - 11931 onslaught and update this news report once the companion respond .
Whatsapp Vulnerability Allow Mp4 File Code Execution Cybers Guards
The proceeds is a pile buff spill over , which can be spark off by commit a particularly produce MP4 file via WhatsApp , which is supervise as CVE-2019 - 11931 , Facebook explain in an advisory . The soften bubble over materialise when an application lookup the BASIC pour of MP4 charge metadata . A surety defect could be overwork by an aggressor to campaign a service disaffirmation ( DoS ) or to carry through computer code remotely . The exposure might be put-upon by post a configured MP4 file cabinet to carry through computer code after malicious application have been spread out .
