18 Nov, 19
18 Nov, 19

WhatsApp fixes bug that would have let hackers exploit devices using MP4 files

WhatsApp has fixed a vulnerability involving malicious MP4 video files that could potentially allow an attacker to remotely access messages and files stored in the app.

By Qrius

The flaw — identified as CVE-2019-11931 — made it possible for attackers to send a specially crafted MP4 file to remotely execute malicious code on the victim’s device without any intervention.

In an advisory posted on its site, Facebook said:

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS [denial of service] or RCE [remote code execution].

However, the presence of the flaw alone doesn’t mean it could be used for nefarious purposes. As is often the case, it can be an entry point for an exploit chain that links together a group of security vulnerabilities, thereby allowing a hacker to penetrate digital protections.

Read moreThe tussle between Science and Religion

When we reached out for a response, a spokesperson for the company said, “WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance there is no reason to believe users were impacted.”

The bug affected Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.

While there’s no indication that the flaw was exploited, the disclosure comes weeks after WhatsApp revealed that at least two dozen academics, lawyers, Dalit activists, and journalists in India were the target of surveillance by threat operators using security firm NSO Group’s Pegasus spyware.

Read moreWill Technology Lead to the Decline of Labour Income?

The social media giant has also sued the Israeli company for exploiting a now-fixed video calling flaw in WhatsApp service to surveil over 1,400 users.

In the meantime, it’s crucial that you update WhatsApp to the latest version to protect yourself from any possible attacks.

RAVIE LAKSHMANAN

Read moreSmart cities: Can Technology and Data Transform India?

This article was originally published on The Next Web

Stay updated with all the insights.
Navigate news, 1 email day.
Subscribe to Qrius

what is qrius

Qrius reduces complexity. We explain the most important issues of our time, answering the question: "What does this mean for me?"

Featured articles

1

Abstract

The Everlasting Allure of ‘The Double Life of Veronique’
2

‘Women are not just for sex’ says Kangana Ranaut as she hits back at fmr Cabinet Minister
3

India’s Monthly Economic Review: FY24 Outlook Bright, Fundamentals Strong, Global Headwinds
4

Where are we in the fight against ‘homosecularism,’ the belief that sexuality and religion are at odds?
5

Supreme Court refuses woman?s plea to medically terminate her 26-week pregnancy
6

How ‘Birkenstock’ built on its brand and broke bank
7

Israel-Hamas Conflict: Tackling false claims and misleading content in violence-hit Gaza
8

Humans of Bombay founder Karishma Mehta pens note on controversy with People of India
9

How did a ‘bus shelter’ go missing in Bengaluru?
10

Che Guevara

Why is Che Guevara’s image still invoked in pop culture?