Hackers are using a critical vulnerability in the Facebook-owned WhatsApp to trigger an attack on both iOS and Android devices. If someone sends an MP4 file on WhatsApp, think twice before downloading it.
A special designed MP4 file activates the remote code execution (RCE) and hacks your mobile. All users are recommended to update their existing WhatsApp to the latest version from app stores to avoid being targeted.
“The vulnerability is classified as ‘Critical’ severity that affected an unknown code block of the component MP4 File Handler in WhatsApp,” reported gbhackers.com on Saturday.
Facebook has also responded to the issue highlighting how serious this issue is after there are reports of some devices being compromised. The company issued has issued a statement advising “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.”
“The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”
It is reported that the new vulnerability is found in major Android versions prior to 2.19.274; iOS versions prior to 2.19.100. It is also reported in Enterprise Client versions prior to 2.25.3; Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368.
“The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication,”
By using MP4 files, hackers can hack the user’s device to steal sensitive files and is also used for surveillance purposes by keeping a record of activities, cameras, etc.