User data not affected from new MP4 file bug WhatsApp

Tuesday, 19 Nov, 2019

Last week, the technology giant said in a security advisory that the WhatsApp bug, tracked as CVE-2019-11931, is a stack-based buffer overflow issue which can be triggered by attackers sending crafted.MP4 video files to victims. A hacker could use a person's cell number to send a video file through WhatsApp and install an unwanted program in their phones exploiting such vulnerability.

The critical bug is found on the WhatsApp versions before 2.19.274 on the Android and iOS versions prior to 2.19.100.

India's nodal agency for responding to cyber security threats/incidents has a warning for WhatsApp users.

According to Softpedia, there appear to be no reported cases of exploits of the flaw at this time. After reports of WhatsApp being used to spy on users in India, Facebook (WhatsApp's parent company) has now disclosed that an exploit allowing remote code execution has been patched.

WhatsApp has preset a vulnerability involving destructive MP4 movie information that could potentially let an attacker to remotely access messages and information stored in the app.

Earlier this year, WhatsApp confirmed that spyware developed by NSO Group was used against a series of targets that included mostly high-profile Indian users, such as journalists and academics. WhatsApp for Windows phones before and including 2.18.368 are also vulnerable to an attack.

Users, however, are urged to update their apps should they still be working with one of the affected versions.

The specially designed MP4 file is said to trigger the RCE (Remote Code Execution) and DoS (Denial of Service) cyberattack. We make public records on possible problems we have actually fixed constant with industry finest techniques. "In this instance, there is no reason to believe that users were impacted". The current version of WhatsApp on Google Play seems to be version 2.19.330, while the iOS version stands at version 2.19.112.

Updating to the latest version of WhatsApp, regardless of the edition that you are now running, should be enough to keep your device protected.