Although many users consider WhatsApp to be one of the world’s most secure messaging platforms, recent reports seem to indicate otherwise. Facebook (WhatsApp’s parent company) has recently revealed that an issue allowing remote code execution has been patched in response to accusations that WhatsApp was being used to spy on users in India. In the past, hackers could use an MP4 video clip to carry out the assault and acquire your personal information.
The vulnerability, identified as CVE-2019-11931, was disclosed by Facebook in a recent security advisory report. It let hackers to remotely run malicious malware on your devices without your knowledge using specially created MP4 video files (which appear to be standard). There aren’t many specifics provided here, but the problem was brought on by the way WhatsApp parses MP4 movies in your conversations.
Facebook explains the flaw by stating, “Sending a specially constructed MP4 file to a WhatsApp user might cause a stack-based buffer overflow in WhatsApp.” The problem existed during parsing the basic stream metadata of an MP4 file and might cause a DoS or RCE (remote code execution).
Before to 2.19.274 for Android and prior to 2.19.100 for iOS, WhatsApp has this vulnerability. The impacted Windows Phone releases range from 2.18.368 and earlier through 2.19.104 on Android and 2.19.100 on iOS for WhatsApp Business.
WhatsApp is always working to make our service’s security better. In accordance with industry best practises, we release reports to the public on potential issues we have resolved. According to a Facebook spokeswoman, there is no reason to think that users were harmed in this case.
Facebook advises updating WhatsApp to the most recent build of the programme to reduce the chance of hackers stealing your personal information. There are currently no reports of the exploit being utilised actively. In the last month, WhatsApp has published a second exploit. The use of NSO’s Pegasus spyware for monitoring Indian journalists and human rights activists via WhatsApp cannot be forgotten.