Sunday, May 18, 2025
HomeAndroidNew WhatsApp Bug Let Hackers Execute a Remote Code & Perform DOS...

New WhatsApp Bug Let Hackers Execute a Remote Code & Perform DOS Attack by Sending Crafted MP4 File

Published on

SIEM as a Service

Follow Us on Google News

New Critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack.

Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messanger apps with more than Billion users around the world in both Android and iPhone.

The vulnerability affected the following Versions:

- Advertisement - Google News
  • Android versions prior to 2.19.274
  • iOS versions prior to 2.19.100,
  • Enterprise Client versions prior to 2.25.3
  • Business for Android versions prior to 2.19.104
  • Business for iOS versions prior to 2.19.100
  • Windows Phone versions before and including 2.18.368

The vulnerability classified as “Critical” Severity that affected an unknown code block of the component MP4 File Handler in WhatsApp.

Successful exploitation of this bug leads the manipulation as part of a Message to trigger the Stack-based memory corruption vulnerability in WhatsApp Messenger.

Hackers can take advantage of this vulnerability to deploy the malware on the user’s device to steal sensitive files and also used to surveillance purposes.

According to Facebook Advisory that published behalf of WhatsApp “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”

The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication.

The Critical WhatsApp vulnerability can be tracked as CVE-2019-11931. Based on the vulnerability severity, It defines the price range of USD $5k-$25k.

This is not the first time Remote code execution vulnerability found in WhatApp in this year, we have reported another WhatsApp RCE Vulnerability in last month that allowed remote hackers to steal the files in your Android phone using malformed GIF’s.

There is no technical details are available for this critical WhatsApp Vulnerability and an exploit is not available at this moment.

We will keep update you once we found the relevant technical details. please stay tuned.

Update: A spokesperson from WhatsApp told GBHackers that there is no evidence found for this vulnerability that was exploited.

“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistently with industry best practices. In this instance, there is no reason to believe users were impacted.”

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read: WhatsApp Web – A Complete Guide To Use on Windows, Mac, Linux

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security...

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay...

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...