WhatsApp bug that could allow hackers to infect your phone via video file
It’s not clear if the video file must be opened or if it can simply be sent to a user to allow a hacker to hack your phone.
The bug was present in the iOS, Android, and even Windows Phone versions of the WhatsApp and WhatsApp for Business apps.
According to Facebook: “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”
The bug has been patched in the latest versions of WhatsApp, and was reported to India’s CERT-IN following the release of the patch. CERT-IN has rated the severity of the vulnerability as “high” and advised users to update their app.
More recently, WhatsApp has been at the centre of controversy involving state-sponsored spyware made by Israeli firm NSO Group. The suite of tools, called Pegasus, costs millions of dollars and is only accessible to nation-states. It was revealed that this spyware suite was used to targets over 1,400 journalists and activists around the world, including several dozen such people in India. WhatsApp was one of the vectors used to spread the attack. Given the mechanism by which Pegasus exploited WhatsApp, it’s unlikely that this mp4 vulnerability was involved.
Regardless, if you’re on the following versions of the WhatsApp app, it’s high time you updated your app:
- Android versions prior to 2.19.274
- iOS versions prior to 2.19.100
- Enterprise Client versions prior to 2.25.3
- Windows Phone versions before and including 2.18.368
- Business for Android versions prior to 2.19.104
- Business for iOS versions prior to 2.19.100