After Pegasus recently Whatapp has been hit by a vulnerability that could allow hackers to gain access to the phones by sending an mp4 file on Whatsapp. This specially crafted mp4 file can lead to remote control execution (RCE) and Denial of Service (dos) attack cyberattack by the hackers.
A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system. This could trigger a buffer overflow condition leading to the execution of arbitrary code by the attacker. The exploitation doesn’t require any form of authentication from the victim and executes on downloading of malicious crafted MP4 files on the victim’s system.
Facebook said that WhatsApp versions before 2.19.274. and for the IOS version before 2.19.100. and for business versions before 2.19.100. and for business in IOS 2.19.100. and for Windows Phone versions before 2.18.368 were impacted by this vulnerability.
Whatsapp was recently targeted by the Pegasus, spyware developed by Israeli cyber firm NSO group operates by just calling the function which was used by the Indian government during elections to keep an eye for any terrorist activity or nuisance thing. WhatsApp spokesperson said
We agree with the government of India’s strong statement about the need to safeguard the privacy of all Indian citizens. That is why we’ve taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide.
Facebook
How to avoid it?
It is been advised that if someone has sent you an mp4 file try to avoid it as it could be sent by the hackers to leak your privacy and keep your WhatsApp up-to-date.
WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted.
Facebook
