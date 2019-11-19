e-paper
New Delhi -°C
Today in New Delhi, India

Nov 19, 2019-Tuesday
-°C

Humidity
-

Wind
-

Select city

Metro cities - Delhi, Mumbai, Chennai, Kolkata

Other cities - Noida, Gurgaon, Bengaluru, Hyderabad, Bhopal , Chandigarh , Dehradun, Indore, Jaipur, Lucknow, Patna, Ranchi

Tuesday, Nov 19, 2019

WhatsApp’s MP4 security vulnerability: What it is and should you be worried?

WhatsApp last week reported MP4 video file-related vulnerability for Android and iPhone users. Here’s everything you need to know about the new bug.

tech Updated: Nov 19, 2019 13:09 IST
HT Correspondent
HT Correspondent
Hindustan Times
Should you be worried?
Should you be worried?(REUTERS)
         

WhatsApp last week fixed a new security vulnerability that could have allowed hackers to gain access to users’ sensitive data using common MP4 video files. The new vulnerability comes days after WhatsApp reported spyware attack which led to snooping on 1,400 individuals around the world. Here’s everything you need to know about the latest WhatsApp bug.

What it is

Facebook revealed that hackers used ‘specially crafted MP4 file’ to trigger the remote code execution (RCE) and denial of service (DoS) cyber attack. The new bug exploited a familiar “stack-based buffer overflow” which was used by the Pegasus spyware earlier this year.

Here’s what Facebook described the vulnerability as: “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”

CERT-In, India’s nodal agency for handling cyber-security related threats, also had similar findings about the vulnerability.

“A stack-based buffer overflow vulnerability exists in WhatsApp due to improper parsing of elementary metadata of an MP4 file. A remote attacker could exploit this vulnerability by sending a special crafted MP4 file to the target system. This could trigger a buffer overflow condition leading to execution of arbitrary code by the attacker. The exploitation doesn’t require any form of authentication from the victim and executes on downloading of malicious crafted MP4 file on the vicitims system,” said the agency.

ALSO READ: WhatsApp vulnerabilities that put users’ data at risk

Who was affected? Should you be worried?

According to Facebook, the security vulnerability was found on Android versions older than 2.19.274. It was also discovered on iOS version older than 2.19.100. Business for Android versions prior to 2.19.104; Business for iOS versions prior to 2.19.100; and Windows Phone versions before and including 2.18.368 were also impacted.

While CERT-In asked users to update their WhatsApp app, the instant messaging company said no users were affected by the latest vulnerability.

“WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted,” said WhatsApp spokesperson in a statement.

tags
top news
After objections, new uniforms of Rajya Sabha marshals to be reviewed
After objections, new uniforms of Rajya Sabha marshals to be reviewed
Hindutva, Mehbooba Mufti and Nitish Kumar in Sena’s latest attack on BJP
Hindutva, Mehbooba Mufti and Nitish Kumar in Sena’s latest attack on BJP
Government huddles to prevent another spike in bad air
Government huddles to prevent another spike in bad air
India’s first Chief of Defence Staff will direct three service chiefs
India’s first Chief of Defence Staff will direct three service chiefs
Mumbai teen, missing for a month, was sexually assaulted and murdered
Mumbai teen, missing for a month, was sexually assaulted and murdered
Couple alleges daughters abducted, kept at self-styled godman’s institute
Couple alleges daughters abducted, kept at self-styled godman’s institute
India closer to world’s first male contraceptive injection
India closer to world’s first male contraceptive injection
Sonia, Manmohan Singh pay tribute to Indira Gandhi on her birth anniversary
Sonia, Manmohan Singh pay tribute to Indira Gandhi on her birth anniversary
trending topics
HTLS 2019International Men’s Day 2019VVS LaxmanSushmita SenKalki KoechlinJKBOSE ResultsSSC Admit card 2019Delhi air qualityParliament Winter Session Live

don't miss

latest news

India News

tech