ISLAMABAD – If you’ve recently received an odd-looking MP4 file on WhatsApp, you had better be wary of it. A brand new attack is doing the rounds that exploits a security vulnerability in the chat application on both Android and iOS devices. It involves sending a special MP4 file to the target account that triggers remote code execution (RCE) and denial-of-service (DoS) attacks.
These attacks allow the hacker to snoop around the victim’s device, so users are advised to update their WhatsApp in order to avoid getting targeted.
Classified as ‘Critical’ in terms of severity, the security vulnerability has affected an unknown portion of code in the MP4 file handler component in WhatsApp. Naturally, Facebook issued an *advisory* in this regard.
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE,” said the social media giant in a statement.
This vulnerability has been found on all Android versions prior to 2.19.274 and all iOS versions prior to 2.19.100. It allows hackers to deploy malware on the victim’s device that can steal important files and perform surveillance as well. The RCE vulnerability, in particular, enables hackers to perform remote attacks without any form of authentication.
As it happens, this isn’t the first time this year that a source has used an MP4 system to target accounts on WhatsApp. Pegasus, a piece of spyware created by Israeli surveillance firm NSO, was used to spy on Indian journalists and human rights activists by exploiting WhatsApp’s video calling system.
There is definitely a need to not only hold cyber attackers accountable for their actions but also to revamp WhatsApp’s security infrastructure to fix such vulnerabilities.