08:29 GMT +314 December 2019
Listen Live
    WhatsApp

    WhatsApp Fixes Bug Allowing Hackers to Exploit Android, iPhone Devices Via MP4 Files

    © CC0
    Tech
    Get short URL
    111
    Subscribe

    The security and integrity of popular mobile messaging application WhatsApp was recently brought into question again after it was revealed that the platform carried out new security updates to prevent hackers from using MP4 files to compromise phones.

    Facebook, which owns WhatsApp, noted in a Thursday statement that the flaw was identified as  “CVE-2019-11931,” explaining that the vulnerability was a “stack-based buffer overflow [that] could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”

    “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a [denial of service] or [remote code execution],” the release added, stating that the coding snag affected “Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.”

    According to Cybersecurity outlet The Hacker News, the problem was promptly amended in October. It indicated that the vulnerability allowed hackers to “remotely compromise targeted devices and potentially steal secured chat messages and files stored on them,” and that hackers only needed a WhatsApp user’s phone number to begin the process. 

    The security snafu was reportedly discovered internally. 

    In a statement to tech site The Next Web, a WhatsApp spokesperson said the company is “constantly working to improve the security” of the messaging platform, stressing that at present, “there is no reason to believe users were impacted.”

    Users, however, are urged to update their apps should they still be working with one of the affected versions.

    The revelation comes weeks after Facebook filed a lawsuit against Israeli company NSO Group, in which the social media giant alleged that the Israeli company used WhatsApp to target more than 1,400 users with highly sophisticated spyware. The NSO Group has largely disputed the allegations, saying that it will “vigorously” fight the suit.

    Facebook is presently demanding that the Israeli company be denied access to its services and systems. It’s also seeking unspecified damages.

    Related:

    WhatsApp Sees 80 Percent Decline in Downloads in India After 'Pegasus' Spyware Chaos
    Director of Remainer Advocacy Group 'Best for Britain' Exposed as WhatsApp Spy Firm Funder
    Smartphone Users Plagued by Battery Drain Blame WhatsApp for Their Woes
    Indian Army Asks Officers to Deactivate Facebook Accounts, Stay Away from WhatsApp - Report
    Pakistani Officials Asked to Replace Phones Amid WhatsApp Snooping Fears
    Tags:
    cybersecurity, NSO Group, lawsuit, security, Facebook, WhatsApp, WhatsApp
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik