WhatsApp affected by MP4 file-driven security vulnerability
- Popular messaging platform WhatsApp is affected by a new critical security vulnerability which is triggered by a specially crafted MP4 file.
- If downloaded, this MP4 file can let hackers snoop into the smartphone via Remote Code Execution (RCE) and Denial of Service (DoS) cyberattack. Basically, hackers can access your private data and deploy malware on the smartphone.
- This attack is found on both Android and iOS. For Android, WhatsApp versions 2.19.274 or before, and on iOS, versions 2.19.100 or before are affected. Even WhatsApp Business versions prior to 2.19.104 on Android and prior to 2.19.100 on iOS are said to be affected.
- Parent company Facebook’s official statement claims, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”
- Therefore, it is advisable to currently refrain from downloading any forwarded MP4 file on WhatsApp.