
Facebook Reports WhatsApp Bug That Could Allow Hackers To Infect Your Phone Via Video File

Facebook has disclosed a vulnerability in WhatsApp that could allow your phone to be hacked via a malicious video file.

It’s not clear if the video file must be opened or if it can simply be sent to a user to allow a hacker to hack your phone.

The bug was present in the iOS, Android, and even Windows Phone versions of the WhatsApp and WhatsApp for Business apps.

According to Facebook: “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”


The bug has been patched in the latest versions of WhatsApp, and was reported to India’s CERT-IN following the release of the patch. CERT-IN has rated the severity of the vulnerability as “high” and advised users to update their app.


More recently, WhatsApp has been at the centre of controversy involving state-sponsored spyware made by Israeli firm NSO Group. The suite of tools, called Pegasus, costs millions of dollars and is only accessible to nation-states. It was revealed that this spyware suite was used to target over 1,400 journalists and activists around the world, including several dozen such people in India. WhatsApp was one of the vectors used to spread the attack.

Given the mechanism by which Pegasus exploited WhatsApp, it’s unlikely that this mp4 vulnerability was involved.

Regardless, if you’re on the following versions of the WhatsApp app, it’s high time you updated your app:

  • Android versions prior to 2.19.274
  • iOS versions prior to 2.19.100
  • Enterprise Client versions prior to 2.25.3
  • Windows Phone versions before and including 2.18.368
  • Business for Android versions prior to 2.19.104
  • Business for iOS versions prior to 2.19.100.


WhatsApp had the following to say: “WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistently with industry best practices. In this instance, there is no reason to believe users were impacted.”


On the official website, CERT-IN has said in a statement, “A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a special crafted MP4 file to the target system. This could trigger a buffer overflow condition leading to execution of arbitrary code by the attacker. The exploitation doesn’t require any form of authentication from the victim and executes on downloading of malicious crafted MP4 file on the victim’s system.”
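The bug class CERT-IN describes, as an added example that is not WhatsApp's code: a minimal MP4 box reader in C that copies a metadata payload into a fixed-size stack buffer only after checking the file-declared length against both the file and the buffer. The `name` box type, the 16-byte buffer and the sample bytes are constructed assumptions; the page does not say which MP4 field was involved.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NAME_CAP 16 /* fixed-size stack buffer (size is an assumption) */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk top-level boxes ([size:4 big-endian][type:4][payload]) and copy the
 * payload of the first box of `type` into `out`. Returns the payload length,
 * or -1 if the file is malformed, the box is absent, or it does not fit. */
static long copy_box_payload(const uint8_t *buf, size_t len, const char *type,
                             uint8_t *out, size_t out_cap) {
    size_t off = 0;
    while (len - off >= 8) {
        uint32_t size = be32(buf + off);
        /* size must cover the header and stay inside the file (0/1 rejected) */
        if (size < 8 || size > len - off) return -1;
        if (memcmp(buf + off + 4, type, 4) == 0) {
            size_t payload = size - 8;
            /* the check a vulnerable parser omits: length vs buffer capacity */
            if (payload > out_cap) return -1;
            memcpy(out, buf + off + 8, payload);
            return (long)payload;
        }
        off += size;
    }
    return -1;
}

/* Hypothetical caller: reads a "name" box into a stack buffer. */
long read_name_len(const uint8_t *file, size_t len) {
    uint8_t name[NAME_CAP];
    return copy_box_payload(file, len, "name", name, sizeof name);
}

/* Constructed sample files */
static const uint8_t ok_file[] = {0,0,0,8,'f','r','e','e',
                                  0,0,0,11,'n','a','m','e','a','b','c'};
static const uint8_t big_file[40] = {0,0,0,40,'n','a','m','e'}; /* 32-byte payload */
static const uint8_t cut_file[] = {0,0,0,40,'n','a','m','e',1,2,3,4};
int main(void) { /* exit status 0 when all three samples behave as expected */
    return !(read_name_len(ok_file, sizeof ok_file) == 3 &&
             read_name_len(big_file, sizeof big_file) == -1 &&
             read_name_len(cut_file, sizeof cut_file) == -1);
}
```

Without the capacity check, the 32-byte payload in `big_file` would be copied past the end of the 16-byte `name` array on the stack, which is the overflow condition the advisory names.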

