WhatsApp fixes flaw that allowed cell phone invasion with MP4 videos

Receive MP4 videos via Whatsapp it is part of the routine of many people, but it can also represent a serious security problem: a vulnerability in the application allows the user’s smartphone – Android or iPhone – to be accessed remotely from the execution of a file with extension .mp4 in the messenger.

Baptized as CVE-2019-11931, the problem was considered critical. That’s because the malicious MP4 file can cause a buffer overflow that paves the way for DoS (denial of service) and RCE (remote execution of malicious code) techniques.


Depending on how these techniques are explored, the user can have their WhatsApp messages accessed by third parties or captured files, all remotely.

There was concern that this flaw had been used in the spying scheme on governments in more than 20 countries that would have been conducted by the Israeli company NSO Group, however, there is no evidence that the CVE-2019-11931 vulnerability has been exploited.

In any case, the flaw was corrected on October 3 in WhatsApp 2.19.274 for Android and 2.19.100 for iOS. The fix also exists in WhatsApp Business since version 2.19.104 for Android and 2.19.100 for iOS. Even WhatsApp for Windows Phone received correction (in version 2.18.368).

Although the fixes were released more than a month ago, the flaw is considered important because there are still devices running outdated versions of WhatsApp.

The tip here ends up being obvious: keep automatic updates enabled on your phone and, of course, be very careful with files received via WhatsApp or similar service.

With information: The Next Web.

Leave a Comment