Facebook reported that the bug is a stack-based buffer overflow that can be triggered by attackers sending .MP4 video files. While there are not many technical details available, Facebook said that the problem was caused by how the encrypted messaging app parses .MP4 elementary stream metadata. If exploited, the vulnerability can lead to denial-of-service (DoS) or remote code execution (RCE) attacks.
Affected are WhatsApp versions prior to 2.19.274 on Android and iOS versions prior to 2.19.100; also vulnerable are business users of WhatsApp before version 2.19.104 on Android and version 2.19.100 on iOS. It is recommended that users update their software builds to mitigate the risk of exploitation. However, there do not appear to be any reports of the vulnerability being actively exploited in the wild.
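One way to triage a device inventory against the fixed versions listed above, as an added example that is not part of the original article. The inventory rows, device IDs and the "consumer"/"business" edition labels are constructed; versions are compared numerically because a plain string comparison would rank 2.19.98 above 2.19.274.

```python
# Added example. Fixed versions come from the article; everything else is constructed.
FIXED = {
    ("android", "consumer"): "2.19.274",
    ("ios", "consumer"): "2.19.100",
    ("android", "business"): "2.19.104",
    ("ios", "business"): "2.19.100",
}


def parse_version(text):
    """Turn '2.19.98' into (2, 19, 98); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(platform, edition, version):
    """Return 'vulnerable', 'patched' or 'unknown' for one installation."""
    fixed = FIXED.get((platform.lower(), edition.lower()))
    if fixed is None:
        return "unknown"  # platform/edition the article does not cover
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # never guess on a malformed version string
    target = parse_version(fixed)
    # Pad to equal length so (2, 19) and (2, 19, 0) compare as equal.
    width = max(len(installed), len(target))
    installed += (0,) * (width - len(installed))
    target += (0,) * (width - len(target))
    # "Prior to" the fixed version means strictly lower.
    return "vulnerable" if installed < target else "patched"


# Constructed inventory rows: (device id, platform, edition, installed version).
INVENTORY = [
    ("dev-01", "Android", "consumer", "2.19.98"),   # string compare would miss this
    ("dev-02", "iOS", "consumer", "2.19.100"),
    ("dev-03", "Android", "business", "2.19.103"),
    ("dev-04", "iOS", "business", "2.19.99"),       # string compare would miss this
    ("dev-05", "Android", "consumer", "beta-build"),
]


def triage(rows):
    """Map each device id to its classification."""
    return {dev: classify(plat, ed, ver) for dev, plat, ed, ver in rows}


if __name__ == "__main__":
    for dev, status in triage(INVENTORY).items():
        print(dev, status)
```

Rows that come back as "unknown" need manual review rather than being treated as patched.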
Another set of interesting vulnerabilities in the messaging app was disclosed by Check Point a month prior. The set of bugs “could allow threat actors to intercept and manipulate messages sent in both private and group conversations,” the researchers said, and could be weaponized to exploit group “quote” features, replies, and private messages.