WhatsApp Suffered from Critical Security Vulnerability Triggered by Specially-Crafted MP4 File


Whatsapp is again hit by a security threat that allows hackers to steal personal information of the user. This time, hackers are using a specially designed MP4 File that can steal personal information without even the user’s permission. 

So, it is advised to every WhatsApp user to not to download an MP4 file sent by an unknown contact. This attack is vulnerable to both Android as well as iOS devices. The specially crafted MP4 file triggers the remote code execution (RCE) and denial of service (DoS) cyber-attack. Users are recommended to update their WhatsApp app to avoid being targeted.

“The vulnerability is classified as ‘Critical’ severity that affected an unknown code block of the component MP4 File Handler in WhatsApp,” reported gbhackers.com on Saturday.

Facebook has also issued an advisory, saying “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”

This is not the first time that Facebook-owned WhatsApp has been compromised with security issues. Earlier, an Israeli software Pegasus exploited its video calling system to snoop on 1,400 selected users globally. In India, several human rights activists and journalists were under surveillance using the software.

And this time, a similar security vulnerability has been found in WhatsApp which is categorized under the Critical category. The new vulnerability is found in Android versions prior to 2.19.274; iOS versions prior to 2.19.100; Enterprise Client versions prior to 2.25.3; Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368.

Furthermore, the Indian Army has asked its officers to stay away from social media platforms like WhatsApp and Facebook. They have been asked to deactivate their Facebook accounts and not to use WhatsApp for any official communication.

The Army officers holding critical posts in all headquarters, divisions, and brigades have been issued an advisory last month which states that WhatsApp is a vulnerable platform and so should not be used for any official communication.

Hackers can use the WhatsApp vulnerability to deploy the malware on the user’s device to steal sensitive files and also used to surveillance purposes. So, it is advised you to update your WhatsApp and don’t download any MP4 file.

For the latest tech news and updates, Install TechCodex App and follow us on Facebook and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.


This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More