The Indian Computer Emergency Response Team (CERT) has flagged a vulnerability in WhatsApp that allowed an external attacker to target phones by sending a compromised video file in MP4 format. Vulnerability Note CIVN-2019-0181 is rated 'High Severity' and, according to the advisories from the company and CERT, the issue affects WhatsApp users on Android and iOS.
According to the security advisory published by WhatsApp, "a stack-based buffer overflow can be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. An external attacker can exploit this vulnerability by sending a specially crafted MP4 file to the target system."
The new threat is reported to trigger a buffer overflow condition that leads to arbitrary code execution by the attacker. Exploitation does not require any kind of authentication from the victim's end. It is triggered when a maliciously crafted MP4 file is downloaded on the recipient's system, and such a file can be sent by anyone who has the mobile number a user has registered with WhatsApp.
The security note states: "Successful exploitation of this vulnerability could allow the external attacker to cause remote code execution (RCE) or Denial of Service (DoS), which could further compromise the system." Remote code execution is typically used to run malicious software on the device, and such an attack is used to steal information from the device without the user's knowledge.
WhatsApp's advisory also notes that the issue affects WhatsApp for Android before v2.19.134, WhatsApp Business for Android before v2.19.44, WhatsApp for iOS before v2.19.51, WhatsApp Business for iOS before v2.19.51, WhatsApp for Windows Phone before v2.18.348, and WhatsApp for Tizen before v2.18.15.
However, a WhatsApp spokesman said there was no reason to believe that users were affected. "WhatsApp is constantly working to improve the security of our service. We make public reports of potential problems we have resolved, in line with industry best practices," the statement said. Users are nonetheless encouraged to update to the latest version, where the problem is resolved.
The Facebook advisory does not provide further details. All we know is that the attacker could exploit the bug to target the system, which sounds like how most malicious software or spyware works.
WhatsApp is currently in the middle of the Pegasus snooping case, in which the Israel-based spyware manufacturer NSO Group used the sophisticated spyware to target the messaging app and then hack into phones. Pegasus took advantage of an error in WhatsApp's video calling feature and, once installed on the device, it would have full control over the device, including phone calls and messages, and could even be used remotely to turn on the camera or microphone.