Things about WhatsApp – The Indian Computer Emergency Response Team (CERT-In), the nodal agency for handling cyber-security related threats, has asked WhatsApp users in India to update their application to the latest version following an MP4 video file vulnerability recently reported by Facebook.
MP4 video file vulnerability discovered
MP4 is a compressed media file format that can carry video, audio, and subtitles.
A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary metadata of an MP4 file.
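The advisory does not publish the affected code, so the following is an added illustration of the bug class only, not WhatsApp's code. It shows the bounds checks a parser needs before copying an MP4 box payload into a fixed-size buffer; the function name, the `META_MAX` limit, and the sample boxes are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define META_MAX 16  /* hypothetical fixed-size destination, like a stack buffer */

/* Constructed sample boxes: 4-byte big-endian size, 4-byte type, payload. */
static const uint8_t SAMPLE_OK[12]   = {0,0,0,12,'m','e','t','a','A','B','C','D'};
static const uint8_t SAMPLE_LIES[12] = {0,0,1,0, 'm','e','t','a','A','B','C','D'};
static const uint8_t SAMPLE_BIG[40]  = {0,0,0,40,'m','e','t','a'};

/* Read a big-endian 32-bit value. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/*
 * Copy the payload of the first box in buf into out[META_MAX].
 * Returns the payload length, or -1 if the box is malformed or too large.
 * A parser that trusts the declared size and copies (size - 8) bytes without
 * these checks overruns `out` whenever the file declares a larger payload.
 */
int copy_box_payload(const uint8_t *buf, size_t len, uint8_t out[META_MAX]) {
    if (len < 8) return -1;            /* truncated header */
    uint32_t size = be32(buf);
    if (size < 8) return -1;           /* size covers the header; 0 and 1 are
                                          special forms, rejected here */
    if (size > len) return -1;         /* declared size exceeds the input */
    size_t payload = size - 8;
    if (payload > META_MAX) return -1; /* would overflow the destination */
    memcpy(out, buf + 8, payload);
    return (int)payload;
}

int main(void) {
    uint8_t out[META_MAX];
    printf("ok:   %d\n", copy_box_payload(SAMPLE_OK, sizeof SAMPLE_OK, out));
    printf("lies: %d\n", copy_box_payload(SAMPLE_LIES, sizeof SAMPLE_LIES, out));
    printf("big:  %d\n", copy_box_payload(SAMPLE_BIG, sizeof SAMPLE_BIG, out));
    return 0;
}
```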
Authentication from the WhatsApp user
The flaw does not need any authentication from the WhatsApp user.
It is triggered once the maliciously crafted file is downloaded onto the user’s device.
Hackers to use spying malware
Attackers could use the WhatsApp security loophole to install malware on users’ devices, steal sensitive files, and use it for spying purposes.
Hackers use remote control devices
A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system.
This could trigger a buffer overflow condition leading to the execution of arbitrary code by the attacker.
What users need to do
CERT-In has suggested that users update to the latest versions.
We make public reports on potential issues and we have fixed advisory with industry best practices.
Update to the latest versions
The critical bug is found in WhatsApp for Android versions before 2.19.274 and iOS versions before 2.19.100.
The issue also affects Enterprise Client versions 2.25.3 and older; Windows versions up to and including 2.18.368; Business for Android versions 2.19.104 and older; and Business for iOS versions before 2.19.100.
WhatsApp was recently targeted by hackers using Pegasus, spyware made by Israel-based NSO Group.
The spyware exploited a vulnerability in the video calling feature and allowed hackers to snoop on 1,400 individuals around the world.
The Pegasus spyware also targeted some users in India.
The Indian government has sought an explanation from the instant messaging company over the spyware hacking.
Facebook warned last week
Facebook also warned of the security flaw in WhatsApp late last week.
“The issue was present in parsing the elementary stream data of an MP4 file and will end in a Code Execution (RCE) or Denial of Service (DoS),” reads the Facebook advisory.