This Week in Security: More WhatsApp, Nextcry, Hover to Crash, and Android Permissions Bypass

There is another WhatsApp flaw, but instead of malicious GIFs, this time it’s malicious mp4 files. Facebook announced the vulnerability late last week. An update has been released, so first go make sure WhatsApp is updated. Facebook’s advisory is a bit light on the details, simply saying that a “stack-based buffer overflow” was possible as a result of “parsing the elementary stream metadata of an mp4 file”.


Shortly after the bug was announced, a GitHub repository popped up, with a claimed proof-of-concept mp4 file for CVE-2019-11931. (Thanks to [justtransit] on Reddit for the link.) I can’t easily test the PoC file, but we can take a look at it to see what the vulnerability is. What tools do we need to take a look? A hex editor is a good start. I’m using GHex, simply because it was available and easily installed on Fedora.



See the problem? Neither did I, at first.

The other tool we need is some documentation on how the mp4 format is supposed to be formatted. Mp4 has a storied history, descending from Apple’s QuickTime Movie format. Apple’s developer documentation was quite helpful in learning about mp4. I also referenced an obscure archived geocities website to answer a speci ..