WhatsApp Bug That Let Hackers Use MP4 Files to Exploit Devices Fixed

Nov. 18, 2019

Many users believe WhatsApp is one of the mostsecure messaging serviceon the planet, but recent reports seem to suggest otherwise. After reports of WhatsAppbeing used to spyon users in India, Facebook (WhatsApp’s parent company) has now disclosed that an exploit allowing remote code execution has been patched. Previously, hackers could exploit this loophole, using an MP4 video file, to execute the attack and gain access to your personal data.

Facebook elaborates on the vulnerability saying,“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS [denial of service] or RCE [remote code execution].”

“WhatsApp is constantly working to improve the security of our service. We make public reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe that users were impacted,”confirms a Facebook spokesperson.

Facebook suggests updating WhatsApp to the newest software build to avoid the risk of hackers exploiting your personal data. There are no reports of the exploit being actively used at the moment. This is the second exploit that WhatsApp has disclosed in the past month. There’s no way we forget the use ofNSO’s Pegasus spywarefor keeping tabs on Indian journalists and human rights activists via WhatsApp.