New WhatsApp Bug found in both Android and IoS by Sending Crafted MP4 File
By MYBRANDBOOK
A new critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack.
The specially crafted MP4 file triggers the remote code execution (RCE) and denial of service (DoS) cyberattack. “The vulnerability is classified as ‘Critical’ severity. It affected an unknown code block of the component MP4 File Handler in WhatsApp,” gbhackers reported.
Facebook said, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”
The vulnerability affected the following Versions:
· Android versions prior to 2.19.274
· iOS versions prior to 2.19.100,
· Enterprise Client versions prior to 2.25.3
· Business for Android versions prior to 2.19.104
· Business for iOS versions prior to 2.19.100
· Windows Phone versions before and including 2.18.368
The vulnerability classified as “Critical” Severity that affected an unknown code block of the component MP4 File Handler in WhatsApp. Successful exploitation of this bug leads the manipulation as part of a Message to trigger the Stack-based memory corruption vulnerability in WhatsApp Messenger.
Hackers can take advantage of this vulnerability to deploy the malware on the user’s device to steal sensitive files and also used to surveillance purposes. The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication.
This is not the first time Remote code execution vulnerability found in WhatApp in this year, we have reported another WhatsApp RCE Vulnerability in last month that allowed remote hackers to steal the files in your Android phone using malformed GIF’s. There is no technical details are available for this critical WhatsApp Vulnerability and an exploit is not available at this moment.
The news comes on the heels an Israeli software Pegasus by cyber intelligence company NSO Group that exploited its video calling system to snoop on 1,400 users globally. In India, the list included human rights activists and journalists. The issue snowballed into a political one and the Indian government denied either purchasing or planning to purchase the infamous software in question.
“We agree with the government of India’s strong statement about the need to safeguard the privacy of all Indian citizens. That is why we’ve taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide,” a WhatsApp spokesperson had said in a statement.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : NATARAJAN CHANDRASEKARAN
Natarajan Chandrasekaran (Chandra) is the Chairman of Tata Sons, the h...
Icons Of India : Harsh Jain
Harsh Jain, the co-founder of Dream 11, the largest fantasy sports web...
ICONS OF INDIA : SANDIP PATEL
Sandip Patel is the Managing Director for IBM India & South Asia regio...
NPCI - National Payments Corporation of India
NPCI is an umbrella organization for operating retail payments and set...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
Indian Tech Talent Excelling The Tech World - ARVIND KRISHNA, CEO – IBM
Arvind Krishna, an Indian-American business executive, serves as the C...
Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler
Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...
Indian Tech Talent Excelling The Tech World - Steve Sanghi, Executive Chair, Microchip
Steve Sanghi, the Executive Chair of Microchip Technology, has been a ...