New WhatsApp Bug found in both Android and IoS by Sending Crafted MP4 File


By MYBRANDBOOK


New WhatsApp Bug found in both Android and IoS by Sending Crafted MP4 File

A new critical vulnerability found in both Android/iOS WhatsApp version Let hackers sending a specially crafted MP4 file to WhatsApp user and trigger the stack-based buffer overflow to perform remote code execution and DoS Attack.

 

The specially crafted MP4 file triggers the remote code execution (RCE) and denial of service (DoS) cyberattack. “The vulnerability is classified as ‘Critical’ severity. It affected an unknown code block of the component MP4 File Handler in WhatsApp,” gbhackers reported.

 

Facebook said, “A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.”

 

The vulnerability affected the following Versions:

· Android versions prior to 2.19.274

· iOS versions prior to 2.19.100,

· Enterprise Client versions prior to 2.25.3

· Business for Android versions prior to 2.19.104

· Business for iOS versions prior to 2.19.100

· Windows Phone versions before and including 2.18.368

 

The vulnerability classified as “Critical” Severity that affected an unknown code block of the component MP4 File Handler in WhatsApp. Successful exploitation of this bug leads the manipulation as part of a Message to trigger the Stack-based memory corruption vulnerability in WhatsApp Messenger.

 

Hackers can take advantage of this vulnerability to deploy the malware on the user’s device to steal sensitive files and also used to surveillance purposes. The RCE vulnerability allows hackers to perform the attack remotely without any sort of authentication.

 

This is not the first time Remote code execution vulnerability found in WhatApp in this year, we have reported another WhatsApp RCE Vulnerability in last month that allowed remote hackers to steal the files in your Android phone using malformed GIF’s. There is no technical details are available for this critical WhatsApp Vulnerability and an exploit is not available at this moment.

 

The news comes on the heels an Israeli software Pegasus by cyber intelligence company NSO Group that exploited its video calling system to snoop on 1,400 users globally. In India, the list included human rights activists and journalists. The issue snowballed into a political one and the Indian government denied either purchasing or planning to purchase the infamous software in question.

 

“We agree with the government of India’s strong statement about the need to safeguard the privacy of all Indian citizens. That is why we’ve taken this strong action to hold cyber attackers accountable and why WhatsApp is so committed to the protection of all user messages through the product we provide,” a WhatsApp spokesperson had said in a statement.

 E-Magazine 
 VIDEOS  Placeholder image

Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org