
WhatsApp Android And iOS Users Are Now At Risk From Malicious Video Files

A critical WhatsApp vulnerability lets hackers send a specially crafted MP4 file to perform remote code execution and DoS attacks.

WhatsApp's parent company Facebook has now come out and publicly disclosed a vulnerability in the popular messaging app that could allow your phone to be hacked via a malicious video file.

An advisory notice published by Facebook on November 14 warns that “a stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”

Having read that you must be wondering what a "stack-based buffer overflow" means. Well, in simple terms, a "buffer overflow" is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary (which is generally predefined) and overwrites adjacent memory locations.


There is little further information from Facebook's end apart from the vulnerability being a "potential issue", but the warning is a serious one. The vulnerability was reported to the Indian Computer Emergency Response Team (CERT-IN) following the release of the patch. CERT-IN has rated the severity of the vulnerability as "high" and advised users to update their app as the vulnerability was patched in later versions.

Compromised devices risk denial of service or even remote code execution. This could lead to malware being planted on the device, the device being used to eavesdrop, or even a remote takeover.

According to Facebook, the potential issue affects the following versions of WhatsApp:

  • Android versions before version 2.19.274
  • WhatsApp for iOS versions before 2.19.100
  • Enterprise Client versions before 2.25.3
  • Windows Phone versions before and including 2.18.368
  • Business for Android versions prior to 2.19.104
  • Business for iOS versions prior to 2.19.100
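
For anyone checking a fleet of phones against the list above, here is a small version audit. It is an added example, not part of Facebook's advisory or this article's source; the platform keys and the sample inventory are constructed. It compares version components numerically, since a plain string comparison would wrongly rank 2.19.98 above 2.19.274, and it treats the Windows Phone threshold as inclusive, as the list states.

```python
# Added example; platform keys and the sample inventory are constructed.
# (threshold, inclusive): inclusive=True means the threshold itself is affected.
AFFECTED = {
    "android": ("2.19.274", False),
    "ios": ("2.19.100", False),
    "enterprise": ("2.25.3", False),
    "windows_phone": ("2.18.368", True),
    "business_android": ("2.19.104", False),
    "business_ios": ("2.19.100", False),
}

def parse_version(text):
    """Turn '2.19.274' into (2, 19, 274) so components compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, version):
    """Return True if this platform/version is inside the listed affected range."""
    if platform not in AFFECTED:
        raise ValueError(f"unknown platform: {platform!r}")
    threshold, inclusive = AFFECTED[platform]
    installed, limit = parse_version(version), parse_version(threshold)
    # Pad to equal length so '2.25' compares as '2.25.0'.
    width = max(len(installed), len(limit))
    installed += (0,) * (width - len(installed))
    limit += (0,) * (width - len(limit))
    return installed <= limit if inclusive else installed < limit

def audit(inventory):
    """Return the (device, platform, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = [
    ("phone-01", "android", "2.19.98"),
    ("phone-02", "android", "2.19.274"),
    ("phone-03", "ios", "2.19.100"),
    ("phone-04", "windows_phone", "2.18.368"),
    ("phone-05", "business_android", "2.19.9"),
]

if __name__ == "__main__":
    for device, platform, version in audit(SAMPLE_INVENTORY):
        print(f"{device}: {platform} {version} is affected, update required")
```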

Now, WhatsApp has been making headlines quite often over the past few weeks, and it's because of serious privacy concerns that stem from the platform being used by Israeli spyware firm NSO. We now know that the suite used by NSO to breach WhatsApp, named Pegasus, cost millions and was accessible only by nation states. It was then revealed that Pegasus was used to target over 1,400 journalists and activists around the world, including those from India.


It's unlikely that the MP4 vulnerability is linked in any way to Pegasus and the mechanism by which it exploited WhatsApp, but if you haven't updated your app yet, you should definitely do it immediately.
