ADVERTISEMENT
WhatsApp bug allows hackers spy on users via MP4 video
Rohit KVN
DHNS
Last Updated IST
The WhatsApp app logo is seen on a smartphone in this illustration (Reuters File Photo)
The WhatsApp app logo is seen on a smartphone in this illustration (Reuters File Photo)

It looks like Facebook-owned WhatsApp can't catch a break. After getting panned for the Pegasus spy tool controversy, the company has again come under scrutiny for a bug, classified as 'critical severity' in the messenger app.

It has come to light that cybercriminals have found a loophole, in WhatsApp, wherein they can send corrupt MP4 videos to victim's phones and carry out remote code execution (RCE) and denial of service (DoS) cyber attack. They can even steal sensitive information and even spy on WhatsApp users.

"A stack-based buffer overflow vulnerability (tracked as CVE-2019-11931) exists in WhatsApp due to improper parsing of elementary stream metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system, This could trigger a buffer overflow condition leading to the execution of arbitrary code by the attacker. The exploitation does not require any form of authentication from the victim end and executes on downloading of malicious crafted mp4 file on the victim's system," CERT-In (Indian Computer Emergency Response Team) said.

ADVERTISEMENT

Which phones are vulnerable to the WhatsApp bug?

Android versions prior to 2.19.274
Apple iOS versions prior to 2.19.100,
Enterprise Client versions prior to 2.25.3
Windows Phone versions before and including 2.18.368
Business for Android versions prior to 2.19.104
Business for iOS versions prior to 2.19.100

Facebook has acknowledged the existence of the bug (CVE-2019-11931) and has released the security patch to all the affected versions.

So far, there are no official reports of hacking by cybercriminals using the aforementioned WhatsApp security loophole just yet. But, it is advisable for all mobile phone owners to upgrade to the latest WhatsApp update, as early as possible. Follow the procedure below.

For iPhones
Go to App Store >> type WhatsApp Messenger >> tap on the update button

For Android mobiles
Go to Google Play store >> type WhatsApp Messenger >> tap on the update button

Microsoft Windows phones
Windows Phone 8.1:
Go to Store, then tap Menu > my apps > WhatsApp > update.
Alternatively, go to Store and search for WhatsApp. Tap WhatsApp > update.

Windows Phone 10:
Go to Microsoft Store, then tap Menu > My Library. Tap Update next to WhatsApp.
Alternatively, go to Microsoft Store and search for WhatsApp. Tap WhatsApp > Update.

In a related development, WhatsApp is causing rapid battery draining in most of the Android and iOS phones.

As of now, there is no permanent fix or any software patch to fix the aforementioned problem, but they can activate low-battery mode to kill WhatsApp from working in the background.

For iPhones:
Go to Settings >> Battery >> Low Power Mode

For Android phones:
Go to Settings >> Tap Battery And then Battery saver And then Set a schedule.

Pick when battery saver will turn on, for example:
No schedule: Only when you turn on the battery saver manually.
Based on percentage: When your battery reaches a certain percentage charge, like 5%.

Get the latest news on new launches, gadget reviews, apps and more on personal technology only on DH Tech.

ADVERTISEMENT
(Published 18 November 2019, 14:15 IST)