WhatsApp is now being targeted by ‘specially-crafted’ MP4 file

By Xite - November 18, 2019
An online portal has claimed that WhatsApp has a vulnerability that allows hackers to use a ‘specially crafted’ MP4 file to deploy malware on a user’s device to steal sensitive files and use the....

WhatsApp has become a hotbed of controversies. First, it was used for snooping on Indian journalists and human rights activists, and now a report has said that the Facebook-owned instant messaging app is being used to steal data. Online portal gbhackers has claimed that the app has a vulnerability that can allow hackers to deploy the malware via ‘specially crafted’ MP4 file on a user’s device to steal sensitive files from the device and use the phone for surveillance purpose.

‘New Critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack,’ the platform said in a post. WhatsApp is aware of the vulnerability and has published the details of the versions that have been affected by the threat. The vulnerability affects the following versions:

  • Android versions prior to 2.19.274
  • iOS versions prior to 2.19.100,
  • Enterprise Client versions prior to 2.25.3
  • Business for Android versions prior to 2.19.104
  • Business for iOS versions prior to 2.19.100
  • Windows Phone versions before and including 2.18.368
  • The vulnerability classified as “Critical” Severity that affected an unknown code block of the component MP4 File Handler in WhatsApp.

This Remote Code Evaluation (RCE) vulnerability allows hackers to perform the attack remotely without any authentication. This is the second such threat in two months. Last month, a similar kind of vulnerability allowed remote hackers to steal the files in Android devices using malformed GIF images.

Two weeks ago, WhatsApp confirmed that Pegasus spyware was used to snoop on about 1,400 Indian journalists and human rights activists. The spyware in question has been developed by the Israeli company NSO Group that ties up with governments and use the technology to fight terrorism and crime. According to WhatsApp, the phones of the mentioned people were under surveillance for two weeks in May 2019 during which the Indian General Elections took place.

  • Tags
  • WhatsApp