Earlier this month, WhatsApp was facing backlash for putting its users’ privacy at risk. The Facebook-owned company faced criticism for the Pegasus spyware breach. Earlier this year, the popular messaging app was reportedly used to hack into the devices of around 1,400 users worldwide. Now, Facebook has issued a severe security warning for both Android and iOS WhatsApp users.
WhatsApp discovered that a specially crafted malicious MP4 file may leave users vulnerable to malware attacks. Hackers can use the vulnerability to deploy malware on the user’s device. They can then steal sensitive files and snoop on users, the way Pegasus, the Israeli software developed by cyber intelligence company NSO Group, did by exploiting the video calling system. It successfully snooped on 1,400 selected users globally and in India, including human rights activists and journalists.
Facebook had earlier said, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially-crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.” The vulnerability is classified as “critical” in severity and affects an unknown code block of the MP4 File Handler component in WhatsApp.
How to check if you are safe on WhatsApp
To be safe from this vulnerability, Android and iOS WhatsApp users have to upgrade the messaging app to the latest version. Android WhatsApp users should download the 2.19.274 WhatsApp version. To check whether you are using the latest version, open the Settings section, tap on Help and go to ‘App info.’
iOS WhatsApp users should be on the 2.19.100 WhatsApp version. To check the WhatsApp version on your iPhone, visit the Settings section, then tap on ‘Help.’ Here you will be able to check the version number. The vulnerability also affects Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100. Windows Phone versions before and including 2.18.368 could also be attacked by hackers.
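For anyone checking more than one device, the version numbers above can be compared programmatically. The following is an added example, not code from WhatsApp or Facebook: it assumes 2.19.274 (Android) and 2.19.100 (iOS) are the first fixed versions, and the product keys and the inventory rows are constructed for illustration.

```python
# Added example: thresholds are the version numbers quoted in the article.
# Product keys and inventory rows are constructed, not from any real fleet.

def parse_version(text):
    """Turn '2.19.100' into (2, 19, 100) so components compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

# (threshold, inclusive). inclusive=False: versions prior to threshold are
# affected. inclusive=True: the threshold version itself is affected as well.
AFFECTED = {
    "android": ("2.19.274", False),
    "ios": ("2.19.100", False),
    "enterprise": ("2.25.3", False),
    "business-android": ("2.19.104", False),
    "business-ios": ("2.19.100", False),
    "windows-phone": ("2.18.368", True),
}

def is_affected(product, installed):
    threshold, inclusive = AFFECTED[product]
    have, limit = parse_version(installed), parse_version(threshold)
    # Pad to equal length so "2.19" compares the same as "2.19.0".
    width = max(len(have), len(limit))
    have += (0,) * (width - len(have))
    limit += (0,) * (width - len(limit))
    return have <= limit if inclusive else have < limit

def audit(inventory):
    """Return the (device, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed inventory. Note phone-01: a plain string comparison would rank
# "2.19.98" above "2.19.274" and wrongly report it as patched.
INVENTORY = [
    ("phone-01", "android", "2.19.98"),
    ("phone-02", "android", "2.19.274"),
    ("phone-03", "ios", "2.19.100"),
    ("phone-04", "windows-phone", "2.18.368"),
    ("phone-05", "business-android", "2.19.103"),
]

if __name__ == "__main__":
    for device, product, version in audit(INVENTORY):
        print(f"{device}: {product} {version} needs updating")
```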