WhatsApp’s MP4 security vulnerability: What it is and should you be worried?

WhatsApp last week fixed a new security vulnerability that could have allowed hackers to gain access to users’ sensitive data using common MP4 video files. The new vulnerability comes days after WhatsApp reported spyware attack which led to snooping on 1,400 individuals around the world. Here’s everything you need to know about the latest WhatsApp bug.

What it is

Facebook revealed that hackers used ‘specially crafted MP4 file’ to trigger the remote code execution (RCE) and denial of service (DoS) cyber attack. The new bug exploited a familiar “stack-based buffer overflow” which was used by the Pegasus spyware earlier this year.

Here’s what Facebook described the vulnerability as: “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”

CERT-In, India’s nodal agency for handling cyber-security related threats, also had similar findings about the vulnerability.

“A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a special crafted MP4 file to the target system. This could trigger a buffer overflow condition leading to execution of arbitrary code by the attacker. The exploitation doesn’t require any form of authentication from the victim and executes on downloading of malicious crafted MP4 file on the vicitims system,” said the agency.

Who was affected? Should you be worried?

According to Facebook, the security vulnerability was found on Android versions older than 2.19.274. It was also discovered on iOS version older than 2.19.100. Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368 were also impacted.

While CERT-In asked users to update their WhatsApp app, the instant messaging company said no users were affected by the latest vulnerability.

“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted,” said WhatsApp spokesperson in a statement.

News is information about current events. News is provided through many different media: word of mouth, printing, postal systems, broadcasting, electronic communication, and also on the testimony of observers and witnesses to events. It is also used as a platform to manufacture opinion for the population.

Contact Info

D 601  Riddhi Sidhi CHSL
Unnant Nagar Road 2
Kamaraj Nagar, Goreagaon West
Mumbai 400062 .

Email Id: [email protected]

West Bengal

Eastern Regional Office
Indsamachar Digital Media
Siddha Gibson 1,
Gibson Lane, 1st floor, R. No. 114,
Kolkata – 700069.
West Bengal.

Office Address

251 B-Wing,First Floor,
Orchard Corporate Park, Royal Palms,
Arey Road, Goreagon East,
Mumbai – 400065.

Download Our Mobile App

IndSamachar Android App IndSamachar IOS App
To Top
WhatsApp WhatsApp us