News

WhatsApp hit by a security vulnerability that is triggered by an MP4 file

If you’ve recently received an odd-looking MP4 file on WhatsApp, you better be wary of it. A brand new attack is doing the rounds that is exploiting a security vulnerability in the chat application on both Android and iOS devices. It involves sending a special MP4 file to the target account that triggers the remote code execution (RCE) and denial of service (DoS) attacks. These attacks allow the hacker to snoop around the victim’s device, therefore users are advised to update their WhatsApp in order to avoid getting targeted.

Classified as ‘Critical’ in terms of severity, the security vulnerability has affected an unknown portion of code in the MP4 file handler component in WhatsApp. Naturally, Facebook issued an advisory in this regard.

“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,” said the social media giant in a statement.

This vulnerability has been found on all Android versions prior to 2.19.274 and all iOS versions prior to 2.19.100. It allows hackers to deploy malware on the victim’s device that can steal important files and perform surveillance as well. The RCE vulnerability, in particular, enables hackers to perform remote attacks without any form of authentication.

As it happens, this isn’t the first time this year that a source has used an MP4 system to target accounts on WhatsApp. Pegasus, a piece of spyware created by Israeli surveillance firm NSO, was used to spy on Indian journalists and human rights activists by exploiting WhatsApp’s video calling system.

There is definitely a need to not only hold cyber attackers accountable for their actions but also to revamp WhatsApp’s security infrastructure to fix such vulnerabilities.

 

Sponsored
Hamza Zakir

Platonist. Humanist. Unusually edgy sometimes.

Share
Published by
Hamza Zakir

Recent Posts

SECP Exposes Illegal Trading Platform “Interactive Brokers Group (IBKR)”

The Securities and Exchange Commission of Pakistan (SECP) has issued a warning about an illegal…

12 hours ago

Punjab Schools Remain Closed for Another Week Due to Severe Smog

LAHORE: The Punjab government has announced an extension of school closures throughout the province, except…

15 hours ago

2,500 Employees Laid Off by Microsoft After $69 Billion Activision Blizzard Purchase

Microsoft has laid off approximately 2,500 employees, sparking criticism in the wake of its $69…

17 hours ago

Illegal SIM Card Trade Exposed in PTA and FIA Raids Across Islamabad and KPK

The Pakistan Telecommunication Authority (PTA), in collaboration with the Federal Investigation Agency (FIA) Cyber Crime…

17 hours ago

Unemployment Rate in Pakistan Reaches 6.3%

ISLAMABAD: The Secretary of Pakistan's Ministry of Overseas Pakistanis and Human Resource Development has revealed…

17 hours ago

Bank Alfalah Gains Approval to End Operations in Bangladesh

Bangladesh Bank and State Bank of Pakistan have both given Bank Alfalah Limited (PSX: BAFL)…

19 hours ago