Attackers can remotely execute code using WhatsApp MP4 video file vulnerability

Daniel Fowler
November 18, 2019

A Facebook advisory on the recent threat states: "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE". Now, once again, hackers have created malicious MP4 files to trigger remote code execution (RCE) and denial-of-service (DoS) attacks.

Facebook, which owns WhatsApp messenger, warned several days ago about a system vulnerability that allows hackers to send "a specially crafted MP4 file" to its Android and iOS users. Indian officials denied having used the software and rejected the allegations of hacking WhatsApp users. It was reported that the spyware exploited a vulnerability in WhatsApp to hack phones using the app's video calling feature.

The critical bug is found in WhatsApp for Android versions before 2.19.274 and in iOS versions prior to 2.19.100. However, there do not appear to be any reports of the vulnerability being actively exploited in the wild.
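One way to triage a device inventory against the fixed versions stated above, as an added example that is not from the advisory or from WhatsApp. The inventory records, device names and function names are constructed for illustration; the only values taken from the article are the two version thresholds.

```python
# Fixed versions as stated in the article: builds below these are affected.
FIXED = {"android": (2, 19, 274), "ios": (2, 19, 100)}

def parse_version(text):
    """Turn '2.19.98' into (2, 19, 98); return None if the string is malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_affected(platform, version):
    """True = below the fix, False = at or past it, None = cannot decide."""
    fixed = FIXED.get(platform.lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return None  # platform not covered by the article, or unparseable version
    # Pad with zeros so a short version such as '2.19' compares as 2.19.0.
    width = max(len(fixed), len(parsed))
    pad = lambda v: v + (0,) * (width - len(v))
    # Numeric tuple comparison; a plain string comparison would wrongly
    # rank "2.19.98" above "2.19.274".
    return pad(parsed) < pad(fixed)

def triage(inventory):
    """Sort (device, platform, version) records into update / ok / review."""
    report = {"update": [], "ok": [], "review": []}
    for device, platform, version in inventory:
        verdict = is_affected(platform, version)
        key = "review" if verdict is None else ("update" if verdict else "ok")
        report[key].append(device)
    return report

# Constructed sample inventory (hypothetical devices).
INVENTORY = [
    ("phone-01", "Android", "2.19.98"),
    ("phone-02", "Android", "2.19.274"),
    ("phone-03", "iOS", "2.19.92"),
    ("phone-04", "iOS", "2.19.100"),
    ("phone-05", "Android", "unknown"),
    ("phone-06", "KaiOS", "2.19.1"),
]

if __name__ == "__main__":
    for bucket, devices in triage(INVENTORY).items():
        print(bucket, devices)
```

Devices that land in `review` have a version string or platform the check cannot judge and need a manual look rather than being assumed safe.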

WhatsApp has previously been central to a controversy relating to the Israeli company NSO Group, the makers of the Pegasus "lawful intercept" tool.

MP4 is a compressed file format that can carry not only video, but audio and subtitles as well. "In this instance, there is no reason to believe users were impacted", a company spokesperson said in a statement shared with IANS.

If you have a newer build of WhatsApp installed, you're safe - just run a check to see if there are any updates available for your handset. We make public reports on potential issues we have fixed consistent with industry best practices.

This isn't the first time the messaging app has suffered from vulnerabilities that could lead to users' data being stolen.
