New RCE vulnerability in Whatsapp
by BlackGuruX - November 18, 2019 at 10:25 AM
#1
HI guys,
Just another RCE vuln was discovered in whatsapp.

Overview:
New Critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack.
The vulnerability affected the following Versions:

Android versions prior to 2.19.274
iOS versions prior to 2.19.100,
Enterprise Client versions prior to 2.25.3
Business for Android versions prior to 2.19.104
Business for iOS versions prior to 2.19.100
Windows Phone versions before and including 2.18.368
The vulnerability classified as “Critical” Severity that affected an unknown code block of the component MP4 File Handler in WhatsApp.

Successful exploitation of this bug leads the manipulation as part of a Message to trigger the Stack-based memory corruption vulnerability in WhatsApp Messenger.


Reference: https://gbhackers.com/whatsapp-vulnerability/

External resources:
https://www.facebook.com/security/adviso...2019-11931
#2
Who knows it might be feature placed on purpose. lol :D
#3
signal anyone? Lets be honest i really dont think anyone would believe whatsapp is really private anyway, based on ownership.
#4
(November 18, 2019 at 04:00 PM)n0iseg Wrote: signal anyone?  Lets be honest i really dont think anyone would believe whatsapp is really private anyway, based on ownership.

Why do you think signal is immune to RCE's?
#5
Each software could contain vulnerabilities. But if the company behind the software is owned by somone who sounds like a Mountain in Rio their could flow data everywhere.
#6
dont know you noticed but lately, whatsapp has a lot of problems and vulnerabilities.
it looks like a new battlefield is opening up
#7
And because they have so many users, the target or App is only more attractive for the attacker.
#8
(November 18, 2019 at 10:44 PM)geshem Wrote:
(November 18, 2019 at 04:00 PM)n0iseg Wrote: signal anyone?  Lets be honest i really dont think anyone would believe whatsapp is really private anyway, based on ownership.

Why do you think signal is immune to RCE's?


Yes, you are absolutely right.  I guess I was thinking more about the sheer quantity of stories about whatsapp, from the German government monitoring to the vulnerabilities this year.

It doesn't mean Signal is any better i guess.  But, it does feel that whatsapp has lots of problems which kind of shakes the faith (im thinking about acrobat and flash as examples, more RCEs that work time yoga classes).

I guess this post was tainted by my dislike of their owners and what they do with all of our data.  I have always been suspicious that there is more to whatsapp than meets the eye.
#9
They both use the same encryption protocol "Signal Protocol". But with Whatsapp being closed source there's no way to validate if it used correctly.

I think we can trust the intentions of Moxie more than Facebook though.

Possibly Related Threads…
Thread Author Replies Views Last Post
Whatsapp without number 5t4rdu5t 5 1,897 September 22, 2021 at 11:57 AM
Last Post: embargo
BrakTooth major vulnerability can take over billions of smart devices! emoji47 1 1,130 September 08, 2021 at 08:22 PM
Last Post: facct
Download the latest WhatsApp Mod with trojan emoji47 4 1,843 August 25, 2021 at 07:56 AM
Last Post: sw0rd

 Users browsing this thread: 1 Guest(s)