Facebook Reports
has disclosed a vulnerability in WhatsApp that could allow your phone to be hacked via a malicious video file.
It’s not clear if the video file must be opened or if it can simply be sent to a user to allow a hacker to hack your phone.
The bug was present in the iOS, Android, and even Windows Phone versions of the WhatsApp and WhatsApp for Business apps.
According to Facebook: “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”
The bug has been patched in the latest versions of WhatsApp, and was reported to India’s CERT-IN following the
release of the patch. CERT-IN has rated the severity of the vulnerability as “high” and advised users to update their app.
More recently, WhatsApp has been at the centre of controversy involving state-sponsored spyware made by
Israeli firm NSO Group. The suite of tools, called Pegasus, costs millions of dollars and is only accessible to nation-
states. It was revealed that this spyware suite was used to targets over 1,400 journalists and activists around the
world, including several dozen such people in India. WhatsApp was one of the vectors used to spread the attack.
Given the mechanism by which Pegasus exploited WhatsApp, it’s unlikely that this mp4 vulnerability was involved.
Regardless, if you’re on the following versions of the WhatsApp app, it’s high time you updated your app:
- Android versions prior to 2.19.274
- iOS versions prior to 2.19.100
- Enterprise Client versions prior to 2.25.3
- Windows Phone versions before and including 2.18.368
- Business for Android versions prior to 2.19.104
- Business for iOS versions prior to 2.19.100.
image source : Getty
WhatsApp had the following to say: “WhatsApp is constantly working to improve the security of our service. We
make public, reports on potential issues we have fixed consistently with industry best practices. In this instance,
there is no reason to believe users were impacted.”
On the official website, CERT-IN has said in a statement, “A stack-based buffer overflow vulnerability exists in
WhatsApp due to improper parsing of elementary metadata of an MP4 file. A remote attacker could exploit this
vulnerability by sending a special crafted MP4 file to the target system. This could trigger a buffer overflow condition
leading to execution of arbitrary code by the attacker. The exploitation doesn’t require any form of authentication
from the victim and executes on downloading of malicious crafted MP4 file on the victim’s system.”
For more posts like this, follow us on our social media pages Facebook and Twitter.
Also visit our shop here for quality and affordable items.
