
Yet another WhatsApp vulnerability:

Close on the heels of the ‘Pegasus’ spyware, the Internet was again abuzz with yet another WhatsApp vulnerability on Monday, 18th November 2019. This time:

  1. Hackers send a specially crafted .mp4 file to a WhatsApp user, which could trigger a stack-based buffer overflow.
  2. This could enable the hacker to launch a denial-of-service (DoS) attack or remote code execution (RCE), thereby gaining complete control of the mobile device.
  3. If you are affected by the vulnerability, all sensitive and non-sensitive files on your device can be stolen and your device might be used for surveillance purposes.
  4. It affects both Android and iOS devices.
  5. This vulnerability is tracked as CVE-2019-11931.
  6. It has since been patched.
  7. It is possible that, in addition to the app’s vulnerability, a vulnerability within the mobile OS could also trigger this attack.
  8. It affects WhatsApp for Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.

What can be done:

  1. Turn ‘off’ auto-download on WhatsApp
  2. Do not download .mp4 files
  3. Update your software regularly
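
To check whether an installed build falls inside the affected ranges listed above, the version numbers have to be compared part by part rather than as text (as strings, "2.19.98" sorts after "2.19.100"). The sketch below is an added example, not code from WhatsApp or from this article's author; the product keys and the inventory rows are constructed for illustration, and only the version thresholds come from the list above.

```python
# Added example: flag WhatsApp builds affected by CVE-2019-11931.
# Thresholds are from the article; product keys and inventory are constructed.
# Value: (threshold, inclusive). False = "prior to", True = "before and including".
AFFECTED = {
    "android": ("2.19.274", False),
    "ios": ("2.19.100", False),
    "enterprise": ("2.25.3", False),
    "windows-phone": ("2.18.368", True),
    "business-android": ("2.19.104", False),
    "business-ios": ("2.19.100", False),
}

def parse_version(text):
    """Turn '2.19.274' into (2, 19, 274) so parts compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True/False for a known product, None if the product is not listed."""
    if product not in AFFECTED:
        return None
    threshold, inclusive = AFFECTED[product]
    installed, limit = parse_version(version), parse_version(threshold)
    width = max(len(installed), len(limit))       # pad so 2.25 means 2.25.0
    installed += (0,) * (width - len(installed))
    limit += (0,) * (width - len(limit))
    return installed <= limit if inclusive else installed < limit

def audit(inventory):
    """Return device ids to update; unknown or unparseable rows fail closed."""
    flagged = []
    for device, product, version in inventory:
        try:
            verdict = is_affected(product, version)
        except ValueError:
            verdict = None
        if verdict is not False:
            flagged.append(device)
    return flagged

# Constructed sample inventory: (device id, product key, installed version)
INVENTORY = [
    ("phone-01", "android", "2.19.274"),        # first fixed build
    ("phone-02", "ios", "2.19.98"),             # numerically below 2.19.100
    ("phone-03", "windows-phone", "2.18.368"),  # "before and including"
    ("phone-04", "android", "2.19.x"),          # unparseable, so flagged
]
print(audit(INVENTORY))
```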

All about Pegasus!

AUTHOR
Jayanthi Manikandan
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information Systems with a specialization in Information Assurance from Walsh College, Detroit, MI. She is passionate about information security and has been writing about it for the past 6 years. She is currently a security researcher at InfoSec Train.