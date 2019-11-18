WhatsApp users across all platforms have been advised to update the app to their latest version. The company has issued an advisory stating about a vulnerability that can trigger various kinds of attacks on Android and iOS devices.

Facebook has informed that the vulnerability can be activated by sending an MP4 file to the victim. This ‘specially crafted MP4 file’ can trigger a Remote Code Execution (RCE) and Denial-of-Service (DoS) attacks.

For the uninitiated, in an RCE attack, hackers can remotely execute code using system vulnerabilities to deploy malware and gain control. In a DoS attack, the system (an app in this case) isn’t accessible either because it is flooded with traffic that often causes the app to crash.

“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE”, stated Facebook.

The vulnerability exists in the Android app version prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3. WhatsApp for Windows phones before and including 2.18.368 are also vulnerable to an attack.

WhatsApp Business apps for Android and iOS versions prior to 2.19.104 and 2.19.100, respectively, are also affected by the bug.