9VSA-00087-001 CSIRT shares updates for WhatsApp

Summary

The Computer Security Incident Response Team, CSIRT, shares the information realesed by Facebook regarding to a vulnerability present in its WhatsApp messaging client.

Vulnerability

CVE-2019-11931

Impact

A buffer overflow could be activated in WhatsApp by sending a specially designed MP4 file to a WhatsApp user. The problem was present when analyzing the elementary stream metadata of an MP4 file and could result in a DoS (denial of service) or RCE (remote code execution).

Products

Android versions prior to 2.19.274
IOS versions prior to 2.19.100
Enterprise Client versions prior to 2.25.3
Previous and included versions of Windows Phone 2.18.368
Business versions for Android prior to 2.19.104
Business versions for iOS before 2.19.100.

Mitigation

Apply the updates published by the manufacturer, available in the application stores corresponding to each operating system (Google Play, App Store, Microsoft Store)

Link

https://www.facebook.com/security/advisories/cve-2019-11931