The most popular instant messaging app in the world is not having a good time of it. We haven’t even gotten over the Pegasus spyware attack and its fallout, and the WhatsApp has confirmed that there is yet another vulnerability that allows hackers to take control of a user’s WhatsApp data and even the data on their phone. The best thing you can do right now to reduce the risk of your WhatsApp data getting compromised is to update the app on your Android phone or the Apple iPhone, from the Play Store or App Store respectively. Basically, a potential hacker can trigger this to take control of your phone by sending you an infected video file, in the MP4 format.
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100,” notes the advisory issued by Facebook regarding the latest WhatsApp vulnerability. A lot of users keep the auto-download option on for media files, and that just makes life easier for hackers.
It is confirmed that WhatsApp for Android versions prior to 2.19.274, WhatsApp for iOS versions prior to 2.19.100, the Enterprise Client versions prior to 2.25.3, the Windows Phone versions before and including 2.18.368, the WhatsApp For Business for Android versions prior to 2.19.104, and WhatsApp For Business for iOS versions prior to 2.19.100 are affected.
There is precious little information beyond this, but from what we can understand, this is a serious one. A malware attack could result in a compromised phone, with the risk of malware being planted to either access data, do a remote takeover of your phone or computing device or even to eavesdrop on conversations. It really is as serious as things get. There is also no word on how this vulnerability was discovered.
WhatsApp recently confirmed a spyware was being used by Israel based company NSO Group to spy on government officials, journalists, activists, lawyers, and various countries globally, including India. The confirmation about the use of Pegasus spyware after WhatsApp sued NSO Group, which had long been suspected in the WhatsApp cyberattack that happened earlier this year. This came to light after WhatsApp sent out messages warning users in India that they had been the target of a spyware attack and the data on their phone and the instant messaging app could have been compromised.