The most popular instant messaging app in the world is not feeling well. We have not even gotten over the Pegasus spyware attack and its implications, and WhatsApp has confirmed that another bug allows hackers to take control of a user’s WhatsApp data and even the data on their phone can take over.
The best thing you can do now to reduce the risk of compromising your WhatsApp data is to update the app on your Android phone or Apple iPhone from the Play Store or App Store.
WhatsApp Confirms a New Bug; A potential hacker can trigger this to take control of your phone by sending you an infected video file in MP4 format.
“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The problem occurred when parsing the metadata of the elementary stream of an MP4 file and could result in a DoS or RCE.” States the statement issued by Facebook about the latest WhatsApp vulnerability.
The following versions of the WhatsApp, app are at high risk.
- Android versions prior to 2.19.274
- iOS versions prior to 2.19.100
- Enterprise Client versions prior to 2.25.3
- Windows Phone versions before and including 2.18.368
- Business for Android versions prior to 2.19.104
- Business for iOS versions prior to 2.19.100.
The critical WhatsApp vulnerability can be tracked as CVE-2019-11931.
The bug has been patched in the latest versions of WhatsApp and was reported to India’s CERT-IN following the release of the patch.
Many users retain the automatic download option for media files, which makes life easier for hackers.
It is confirmed that WhatsApp for Android versions before 2.19.274, WhatsApp for iOS versions before 2.19.100, Enterprise Client versions before 2.25.3, versions of Windows Phone before 2.18.368, and WhatsApp for Business for Android versions before 2.19.104 and WhatsApp For Business for iOS versions before 2.19.100 are affected from this bug.
Also, there is little valuable information, but as far as we can understand, it is a serious one. A malware attack can interfere with the phone. There is a risk that due to this bug malware will access data, take over your phone or computer remotely, or even overhear conversations. It’s as serious as it gets. There is also no word on how this vulnerability was discovered.
WhatsApp has recently confirmed that the Israeli-based company NSO Group has used spyware to spy on government officials, journalists, activists, lawyers, and various countries worldwide, including India.
Confirmation of the use of Pegasus spyware following WhatsApp’s allegation against the NSO Group, which had long been suspected as part of the WhatsApp cyberattack earlier this year.
This became apparent after WhatsApp sent messages that warned users in India that they were the target of a spyware attack and that the data on their phone and the instant messaging app might have been compromised.
Get the best of Tech Suggest delivered to your inbox – subscribe to The Tech Suggest Newsletter. Follow Thetechsuggest.com on Twitter, Instagram, Facebook, and Linkedin, and stay in touch with what’s happening in the world around you – in real-time.