WhatsApp / Facebook have discovered a new and severe vulnerability affecting users of the WhatsApp messaging software.
The issue, tracked as CVE-2019-11931, is a remote code execution attack that can be triggered by attackers by sending manipulated .MP4 files to the victim.
Facebook said that the vulnerability works because of how the service reads .MP4 metadata.
What versions are affected?
Apple iOS versions before 2.19.100 and Android versions before 2.19.274. Business versions are also affected for Android prior to 2.19.104 and iOS prior to 2.19.100. Also, enterprise clients prior to 2.25.3 and Windows Phone before 2.18.368.
It’s a good idea to regularly update your apps, so take a moment to make sure all of your software has the latest version installed.