WhatsApp, one of the most popular messaging apps and owned by Facebook, is vulnerable to an attack by hackers that could leave user data unprotected and also give access to users' chats. This affects WhatsApp users on all platforms.
Facebook, the company that owns WhatsApp, issued a warning on Thursday about a buffer overflow vulnerability in the app. The vulnerability can be exploited using an MP4 file with malicious code.
The threat is said to be really high risk, with WhatsApp having almost 1.5 billion active users across the world, making it the most popular messaging app. This bug could potentially lead to remote code execution (RCE) that can give access to the user's data and files, and hackers could also use it for a Denial of Service (DoS) attack. All this just by the user watching an MP4 video.
It is a good time to add that the new WhatsApp feature allowing users to select who can add them to a group is really useful when it comes to security. It will in some way provide some form of protection from this vulnerability.
Here is what Facebook had to say about the vulnerability:
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.
A WhatsApp spokesperson has also stated that the attack has not yet affected users:
WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance there is no reason to believe users were impacted.
The good news is that Facebook has already issued a fix for the app.
The versions affected are:
Android: all versions before 2.19.274
Android Business app: all versions before 2.19.104
iOS: all versions before 2.19.100
iOS Business app: all versions before 2.19.100
Windows: all versions before and including 2.18.368
Enterprise Client: all versions before 2.25.3
It is highly recommended that you check what version you are running and update your WhatsApp, just to be on the safe side.
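For anyone checking more than one device, the version list above can be turned into a small audit script. This is an added example, not code from Facebook or WhatsApp: the platform keys and inventory rows are constructed, and only the boundary versions come from the list above.

```python
# Added example. Boundary versions are the ones listed on this page; the
# platform keys and inventory rows are constructed for illustration.
BOUNDARY = {
    # platform: (boundary version, True if the boundary itself is affected)
    "android": ("2.19.274", False),
    "android-business": ("2.19.104", False),
    "ios": ("2.19.100", False),
    "ios-business": ("2.19.100", False),
    "windows": ("2.18.368", True),  # "before and including"
    "enterprise": ("2.25.3", False),
}

def parse_version(text):
    """'2.19.274' -> (2, 19, 274), so components compare as numbers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, version):
    boundary, inclusive = BOUNDARY[platform.lower()]
    v, b = parse_version(version), parse_version(boundary)
    width = max(len(v), len(b))  # pad so "2.19" compares as 2.19.0
    v += (0,) * (width - len(v))
    b += (0,) * (width - len(b))
    return v <= b if inclusive else v < b

def audit(rows):
    """rows: (device, platform, version) tuples -> [(device, status)]."""
    findings = []
    for device, platform, version in rows:
        try:
            status = "AFFECTED" if is_affected(platform, version) else "ok"
        except (KeyError, ValueError):
            status = "UNKNOWN"  # unlisted platform or bad version: review by hand
        findings.append((device, status))
    return findings

INVENTORY = [  # constructed sample rows
    ("phone-01", "android", "2.19.273"),
    ("phone-02", "android", "2.19.274"),
    ("phone-03", "ios", "2.19.99"),       # a string compare would call this newer
    ("desk-01", "windows", "2.18.368"),   # inclusive boundary
    ("desk-02", "windows", "2.18.369"),
    ("tab-01", "kaios", "2.1"),           # platform not in the list above
]

if __name__ == "__main__":
    for device, status in audit(INVENTORY):
        print(f"{device:10} {status}")
```

Versions are compared component by component as integers, because a plain string comparison would rank 2.19.99 above 2.19.100 and miss an affected iOS device.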